A now-patched Instagram vulnerability could have exposed users' account data and phone numbers to cyberattackers, parent company Facebook confirmed in a new report from Forbes.
The bug was discovered by an Israeli hacker who goes by the handle @ZHacker13. It could have potentially been used to access user data including names, full phone numbers, and Instagram account numbers and handles – all an attacker needs to narrow their focus on a specific person.
It's the latest in a series of bad news for Facebook, which recently patched an account-takeover flaw in Instagram that would have let an attacker take over any account by resetting its password. Earlier this month, 419 million phone numbers belonging to Facebook users were found publicly accessible in a third-party database left online without password protection.
This particular vulnerability existed in Instagram's contact importer, which, when subject to brute force attacks, could grant an attacker access to the data. An attacker could use an algorithm to verify individual phone numbers to see which are linked to an Instagram account. Exploiting a second process could give them the name and number linked to the phone number, enabled by the Sync Contacts tool that lets users find their contacts on the platform.
In theory, an attacker could leverage a wealth of bots to brute force Instagram's login form and collect legitimate phone numbers, Forbes points out in its report. Instagram caps syncing to three times pe ..
Support the originator by clicking the read the rest link below.
