Let’s not forget that social media giant has implemented a bug bounty program through Bugcrowd in which independent security researchers can expose vulnerabilities and get paid for that.
How can hackers get into my Instagram account?
That’s the case with a new Instagram bug that allows almost anyone to hack into your account. The bug was discovered by a security researcher while investigating the app.
His focus was on the changing/recovering password process and how it could be ‘brute forced’. As you already know, when you forgot your Instagram password and want to recover it, the app will send you a 6-digit code to your smartphone.
After that, you have to enter that code in the app. This is where the security researcher found the vulnerability.
He created an automated brute-force attack by writing a programming script to input a very large number of guesses from multiple IPs.
The process requires a massive amount of IPs because Instagram limits the number of guesses to 250 per IP inside a 10 minute window.
Keep in mind that this kind of brute-force attacks work on your smartphone as well as on your Windows 10 PC, so always make sure that your PC is updated and protected to avoid future issues.
Could my Instagram account get hacked because of this bug?
You’ll be happy to know that Facebook changed Instagram’s server-side defensive mechanism and now the attack won’t work anymore.
Despite that, if you receive an account recovery code or a password reset message and you didn’t request it, be sure to report it right away.
Software vulnerabilities are a constantly growing problem, but it’s good to know that someone is ready to solve them at all times.
What would you do if your Instagram account got hacked? Leave your answer along with any other questions in the comments below and we’ll surely continue the talk.
RELATED SECURITY ISSUES THAT YOU SHOULD BE AWARE OF:
- This realistic phishing scam is after your Facebook credentials
- Malicious apps are using Facebook APIs to steal private data
- Hackers use old malware in new packaging to attack Windows 10 PCs