According to the researcher, the private information of Instagram users was just a DM away.
A Nepal-based IT security researcher Saugat Pokharel identified a Facebook bug that exposed the private data of Instagram users, including their email addresses and birthdays. Ironically, the service promises users that such information won’t be disclosed to the public at the time of registration.
According to Pokharel who was participating in the Facebook bug bounty program, the bug made it easy for an attacker to get such private information from Instagram users. However, it is worth noting that the bug existed in Facebook’s Business Suite tool available for Facebook business accounts and offered access to a feature that the company was testing.
See: Facebook Messenger bug allowed callers to listen to unattended calls
The experimental feature aimed to link a Facebook account to Instagram so that the suite displayed more information about the person and a DM (direct message) option, such as their birthdate and personal email address.
The attack worked on accounts that were set as private and didn’t receive DM messages from the public. Such accounts could not receive a notification if their profile were viewed.
A Facebook spokesperson revealed in an official statement to The Verge that the bug was active for a short while during an experiment conducted in October.
“A researcher reported an issue where, if someone was a part of ..
Support the originator by clicking the read the rest link below.
