Home Security An Instagram Flaw Could Expose User Data Allowing

An Instagram Flaw Could Expose User Data Allowing

by ethhack

It would seem that Facebooks’ Instagram frequently makes it to the news due to its security glitches. Recently, a researcher discovered an Instagram flaw that could let an adversary link users’ contact numbers with their PII data.

Instagram Privacy Flaw Exposed Users’ Account Info

A security researcher with alias ZHacker discovered a security flaw in Instagram exposing users’ account data. As disclosed by Forbes, the researcher found that the flaw exposed Instagram users’ phone numbers linked to their accounts and real names.

Elaborating the discovery, Zak Doffman from Forbes stated that the bug existed in Instagram’s contact importer feature. Abusing this platform together with a brute force attack on the platform’s login form could allow the exploit. As stated in the blog post,

Exploiting this vulnerability would enable an attacker using an army of bots and processors to build a searchable/ attackable database of users, bypassing protections protecting that data.

Specifically, the attack begins when the attacker brute forces a contact number on the platform’s login form for a live account. Extracting contact numbers from Instagram is easily possible using an algorithm which harvests 1000 numbers a day. Then, abusing Instagram’s Sync Contacts feature, the attacker could find the account linked with that phone number.

Though the attack had some limitations, it still remained a serious issue with regards to users’ privacy.

Facebook Patched The Bug

Upon discovering the flaw, ZHacker contacted Facebook to inform them about it. However, Facebook initially did not deem it as serious as it really is. Thus, ZHacker contacted Doffman who helped raise the profile of the discovery.

Eventually, Facebook patched the flaw whilst acknowledging the bug. A Facebook’s spokesperson told Forbes,

We have changed the contact importer on Instagram to help prevent potential abuse. We are grateful to the researcher who raised this issue, and to the entire research community for their efforts.

Recently, another researcher highlighted a vulnerability in Instagram that could allow hacking 1 million accounts within 10 minutes.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar



Source link

Related Articles

Leave a Comment