Instagram‌ ‌bug allowed anyone to access private accounts

Instagram has fixed a new bug that allowed anyone to access private accounts’ archived posts and stories without needing to follow them.


On April 16, 2021, Fartade reported the problem to Facebook’s security team, and the Instagram bug was fixed on June 15.


As part of the company’s bug bounty program, he was also paid $30,000.



   Instagram bug, Facebook bug, bug bounty, facebook, Instagram, antivirus, backdoor, Computer Security, Computer Security news, computers, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, cyberattack, Cyberattack news, cyberattacks, cybercrime, cybercriminals, cybersafe news, cybersecurity, cybersecurity news now, cybersecurity news today, dark web, data breach, Data leak, data stealing malware, DDoS, Distributed Denial of Service, Email, email security, Excel, exploit, hacker news, Hacks, Infected Installer, Info Stealer, information security, Information Stealer, InfoSec, infosec news, latest cybernews today, latest cybersecurity news today, linux, Mac, Malicious email campaign, Malvertising, Malware, malware app, malware removal, mining bots, Mobile Security, network security, online security, personal data exposed, Phishing, Privacy, python bot, ransomware, ransomware attack, ransomware attacks 2021, ransomware gang, ransomware group, ransomware malware, ransomware news, RAT, RCE, recent ransomware attacks, Remote Access Trojan, Remote Code Execution, remote desktop app, remote desktop app virus, remote desktop malware, REvil, rootkit, Security, security flaw, smartphone, software vulnerability, Spam, spyware, Supply Chain, tech, tech news, tech support, tech updates, technical support, Technology, trojan, virus, virus removal, Vulnerabilities, Vulnerability, Web Security




“This bug could have allowed a malicious user to view targeted media on Instagram,” Mayur Fartade said in a Medium post today. “An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID.”


Despite the fact that the attack necessitates knowledge of the media ID associated with an image, video, or album, Fartade demonstrated that by brute-forcing the identifiers, it was possible to build a POST request to a GraphQL API and extract sensitive data.


Details like like/comment/save count, display url, and image.uri pertaining to the media ID may be collected even without following the targeted person as a result of the issue, as well as exposing the Facebook Page linked to an Instagram account.


On April 23, Fartade said he identified a second endpoint that revealed the identical piece of data.


Both of the leaking endpoints have since been fixed by Facebook.


Facebook, like a lot of tech companies, offers a bug bounty program that allows security experts to responsibly disclose suspected security flaws in the company’s software.


A researcher is rewarded by the company if they are able to effectively demonstrate a security weakness or bug in the code.


Many businesses employ the same process to uncover security holes and prevent them from being sold on the dark web, where they are typically used to target people and obtain access to data.




Also read:

SEO poisoning used to backdoor targets with malware


McDonald’s suffers data breach: Reports


Volkswagen suffers massive data breach: 3.3 million customers impacted