An Indian developer and bug bounty hunter has been rewarded about Rs 22 lakh by the Facebook group for finding an Instagram bug that could allow anyone to view various posts of a private Instagram account without following it. The bug, which the developer, Mayur Fartade, has now disclosed in a Medium post, could have represented a major breach of privacy, with risks including targeted identity theft and harassment. The bug was reported to Instagram on April 15, 2021, and has since been patched by the company.
According to Fartade, the bug could have allowed attackers, including those intent on cyber espionage, to target select posts of certain users and gain access to them without following the private account in question. The elevated access could have been used to see elements such as “private/archived posts, stories, reels (and) IGTV, details including like/comment/save count, display_url, image.uri, Facebook linked page(if any) and other particulars, without following the user and by using Media ID,” Fartade said in his post.
The bug could essentially let anyone brute force a post’s ‘Media ID’, which is an identifier for any post made on Instagram, and then use it to regenerate valid links to archived and private posts. To do this, attackers could use Instagram’s GraphQL tool from its developer library, enter the brute-forced Media ID of any targeted post, and run the tool to get access to details such as the link to the post and its related particulars.
The bug could potentially have exposed numerous sensitive details and would certainly have qualified as a breach of privacy, since non-followers getting access to content in a private account could lead to incidents such as identity theft, blackmail, harassment and more. Instagram has now reportedly patched the bug, which should come as a relief to many regular users of the platform.
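The access-control gap described above, shown as an added example that is not from this article, Fartade's write-up, or Instagram's code: a media lookup that treats the ID as permission, next to one that checks the viewer against the owner's privacy settings. The account names, IDs, URLs and function names are constructed for illustration, and the check is an assumption about how such a lookup should behave, not a description of Instagram's actual fix.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    is_private: bool = False
    followers: set = field(default_factory=set)

@dataclass
class Media:
    media_id: int
    owner: str
    display_url: str
    is_archived: bool = False

# Constructed sample data (not real accounts, IDs or URLs).
ACCOUNTS = {
    "alice": Account("alice", is_private=True, followers={"bob"}),
    "carol": Account("carol"),
}
MEDIA = {
    1001: Media(1001, "alice", "https://cdn.example/1001.jpg"),
    1002: Media(1002, "alice", "https://cdn.example/1002.jpg", is_archived=True),
    2001: Media(2001, "carol", "https://cdn.example/2001.jpg"),
}

def lookup_without_check(viewer, media_id):
    """Flawed pattern: knowing (or guessing) the ID is treated as permission."""
    return MEDIA.get(media_id)

def can_view(viewer, media):
    """Object-level authorization: decide per post, per viewer."""
    owner = ACCOUNTS[media.owner]
    if viewer == owner.name:
        return True          # owners see their own posts, archived or not
    if media.is_archived:
        return False         # archived posts are owner-only
    return (not owner.is_private) or viewer in owner.followers

def lookup_with_check(viewer, media_id):
    """Authorize every lookup. A denied ID gets the same answer as a missing
    one, so responses cannot confirm which guessed IDs exist."""
    media = MEDIA.get(media_id)
    if media is None or not can_view(viewer, media):
        return None
    return media
```
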