A researcher received a $5,000 bounty from Facebook after finding two vulnerabilities that could have allowed hackers to brute-force Instagram account passwords.
Belgian bug bounty hunter Arne Swinnen discovered that malicious actors could launch brute-force attacks against Instagram accounts via the official Android application and via the registration page on Instagram.com.
The first vulnerability, which Swinnen reported to Facebook in late December, could have been exploited to conduct brute-force attacks against the authentication domain used by the Instagram app for Android.