This Instagram bug could’ve let anyone hack your account

by Vlad Turiceanu
Vlad Turiceanu
Vlad Turiceanu
Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world. Coming... read more
Affiliate Disclosure
Instagram flaw could've let hackers into your account

It’s not the first time that Facebook, and Instagram are facing security issues. There’s a long history of bugs and Facebook flaws, some smaller and others with huge impact.

Let’s not forget that social media giant has implemented a bug bounty program through Bugcrowd in which independent security researchers can expose vulnerabilities and get paid for that. 

How can hackers get into my Instagram account?

That’s the case with a new Instagram bug that allows almost anyone to hack into your account. The bug was discovered by a security researcher while investigating the app.

His focus was on the changing/recovering password process and how it could be ‘brute forced’. As you already know, when you forgot your Instagram password and want to recover it, the app will send you a 6-digit code to your smartphone.

After that, you have to enter that code in the app. This is where the security researcher found the vulnerability.

He created an automated brute-force attack by writing a programming script to input a very large number of guesses from multiple IPs.

The process requires a massive amount of IPs because Instagram limits the number of guesses to 250 per IP inside a 10 minute window.

Keep in mind that this kind of brute-force attacks work on your smartphone as well as on your Windows 10 PC, so always make sure that your PC is updated and protected to avoid future issues.

Want to always protect your PC while online? Check out this amazing article to find out how you can do that.

Could my Instagram account get hacked because of this bug?

You’ll be happy to know that Facebook changed Instagram’s server-side defensive mechanism and now the attack won’t work anymore.

Despite that, if you receive an account recovery code or a password reset message and you didn’t request it, be sure to report it right away.

Software vulnerabilities are a constantly growing problem, but it’s good to know that someone is ready to solve them at all times.

What would you do if your Instagram account got hacked? Leave your answer along with any other questions in the comments below and we’ll surely continue the talk.


This article covers:Topics: