Instagram bug

Facebook paid $30000 to this Indian security researcher for finding a critical bug in the Instagram app that allowed anyone to retrieve the media content of private Instagram users.

On 15 June, Facebook awarded a bounty of $30000 to Mayur Fartade, a bug hunter from Maharashtra. According to his write-up on Medium, the bug allowed an attacker to see details of private/archived posts, stories, reels and IGTV without following the user, using the Media ID.
Details include like/comment/save count, display_url, image.uri, the linked Facebook page (if any) and others.

He found the bug on 16 April 2021. An endpoint of the Instagram API allowed a malicious user to see the posts of other users even if he did not follow them. In the write-up, he explains that a media ID is required to show the posts of Instagram users.

The MEDIA_ID can be retrieved by brute force or guessing. An attacker has to send a request to the Instagram API endpoint with the media ID; if the media ID exists, the response contains the user's media content.
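The missing authorization check described above, shown as an added example that is not taken from the write-up or from Instagram's code. It is a constructed in-memory model: the user names, media IDs, URLs and function names are assumptions, as is the rule that archived media is visible only to its owner.

```python
# Constructed model of the flaw and its fix; all names and data are hypothetical.
from dataclasses import dataclass, field

@dataclass
class User:
    private: bool = False
    followers: set = field(default_factory=set)

@dataclass
class Media:
    media_id: int
    owner: str
    display_url: str
    like_count: int
    archived: bool = False

USERS = {
    "alice": User(private=True, followers={"bob"}),
    "bob": User(), "mallory": User(),
}
MEDIA = {
    1001: Media(1001, "alice", "https://cdn.example/1001.jpg", 42),
    1002: Media(1002, "alice", "https://cdn.example/1002.jpg", 7, archived=True),
    2001: Media(2001, "bob", "https://cdn.example/2001.jpg", 3),
}
NOT_FOUND = (404, {"error": "not found"})

def details(m):
    return {"display_url": m.display_url, "like_count": m.like_count}

def get_media_vulnerable(viewer, media_id):
    """The flaw: existence of the ID is the only thing checked."""
    m = MEDIA.get(media_id)
    return (200, details(m)) if m else NOT_FOUND

def can_view(viewer, m):
    owner = USERS[m.owner]
    if viewer == m.owner:
        return True
    # Assumed rule: archived media is owner-only; private media needs a follow.
    return not m.archived and (not owner.private or viewer in owner.followers)

def get_media_hardened(viewer, media_id):
    """Authorize the viewer against the object's owner on every lookup."""
    m = MEDIA.get(media_id)
    # Same response for "missing" and "forbidden", so guessing IDs reveals nothing.
    if m is None or not can_view(viewer, m):
        return NOT_FOUND
    return (200, details(m))
```

Because the hardened handler answers identically for an unknown ID and a forbidden one, the response no longer confirms which media IDs exist.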

 

About Post Author

Indian Cyber Troops
