An Indian developer and bug bounty hunter has been awarded a reward of around Rs 22 lakh by a Facebook group for finding an Instagram bug. This was a bug that anyone can see posts from a user’s private account without following him.
The developer, Mayur Fartade, revealed this bug through a post. This raises a big question regarding the privacy option of Insta. Through this, anyone can commit a crime like harassment by stealing someone’s personal information or post. This bug was reported to Instagram on April 15, 2021 and has now been fixed by the company.
According to Fartade, through the bug, an attacker or cyber espionage could target selected posts of certain users and access the said private account without even following it.
Mayur wrote in his post, “Attackers use this bug to access media such as “Private Post, Story, Reel and IGTV, and their information such as /comment/save count, display_url, Image.uri, Facebook linked page” without any login and Could watch without following.”
The bug could essentially let anyone access the post’s media ID, which is an identifier for any post made on Instagram, and then use it to recreate legal links for posts and private ones .
To do this, attackers can use Instagram’s GraphQL tool from its developer library, enter the brute-force media ID of any targeted post, and then gain access to details such as the post’s link and related information. can run the tool.
The bug could potentially expose a lot of sensitive information and would certainly qualify as a breach of privacy, as non-followers gaining access to content in a private account could lead to identity theft, blackmail, harassment and more. Various incidents like this can happen. Instagram has now reportedly patched the bug, which should bring further relief to many regular users of the platform.
Facebook us for social media updates (https://www.facebook.com/moneycontrolhindi/) and Twitter (.) to follow.