Morning Tick
  • Latest News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Fintech
    • Altcoins
  • Market Analysis
  • Resources
  • Contact
    • About Us
    • Press Toolkit
Facebook Twitter Instagram
Morning Tick
  • Latest News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Fintech
    • Altcoins
  • Market Analysis
  • Resources
  • Contact
    • About Us
    • Press Toolkit
Facebook Twitter Instagram
Morning Tick
Facebook

Chennai techie awarded $10,000 by Facebook for identifying a new cyber vulnerability

Staff ReporterBy Staff ReporterUpdated:October 22, 2020 on October 22, 2020
Chennai techie awarded $10,000 by Facebook for identifying a new cyber vulnerability
Chennai techie awarded $10,000 by Facebook for identifying a new cyber vulnerability
Share
Reddit Facebook Twitter LinkedIn Pinterest WhatsApp Email

Laxman Muthiyah, a Chennai based cybersecurity researcher has won ,000 from Instagram after spotting and reporting a new ‘account-takeover vulnerability’ in the app. Interestingly, he won this within a month of winning $30,000 from Facebook after he had spotted and reported a security flaw in Instagram.

Muthiyah claims that the new vulnerability which he detected is similar to the one he had detected on Instagram, back in July. The security flaw allowed hackers to access Instagram accounts without the consent of the user.

In addition, Muthiyah elaborated that the flaw arose because Instagram was not using any unique device identity to validate password reset codes requested by users. He found that the unique identifier that is being used by the Instagram server to validate password reset codes can be used or rather misused to request multiple passcodes of different users.

Chennai techie awarded $10,000 by Facebook for identifying a new cyber vulnerability
Laxman Muthiyah

Laxman Muthiyah demonstrated conceptual proof explaining how a random Instagram account can be hacked by hackers.

In a letter to Muthiyah, Facebook said: “You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to ten attempt recovery.”

After checking and validating Muthiyah’s arguments, Facebook fixed the security flaw and awarded Muthiyah a sum of $30,000.

Muthiyah wrote in his blog post “I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible.”

Yesterday, Muthiyah said that he had discovered a new account takeover way and shared it with the tech giant which won him a sum of $10,000 as part of Instagram’s bug bounty programme.

Muthiyah wrote that “Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme.”

Share your thoughts in the comment section below!

Facebook Instagram Social Media
Disclaimer
Read More Read Less
The information provided on this website shouldn’t be considered as investment, tax, legal, or trading advice. Morning Tick is not an investment advisory platform, nor do we intend to be. The publication, its’s management team, or authored-by-line doesn’t seem liable for your personal financial losses, which may be due to your panic decisions based on the content we published. We strongly recommend considering our stories as just a piece of information, unlike advice, recommendations, or requests. Some of the contents may get outdated, updated, or inaccurate despite our profound editorial policies. We urge readers to do their due diligence before making any investments decision with ongoing IDOs, ICOs, IEOs, or any other kind of financial offerings. Few outbound links may be commissioned or affiliated, which helps us grow financially and maintain healthy editorial norms. For more information, visit disclaimer page.
Share. Facebook Twitter Pinterest LinkedIn Email Reddit WhatsApp
Previous ArticleCanon C500 Mark II supports both 2K and 4K RAW internal recording
Next Article Huami launches Amazfit GTS, Amazfit Stratos 3 and Amazfit X smartwatches
Staff Reporter
  • Facebook
  • Twitter
  • Tumblr

Staff reporter brings the latest financial technology, cybersecurity news and tech updates.

Recommended Posts

Facebook users can’t share Pirate Bay torrent links anymore in Posts & Chats

October 3, 2019
Add A Comment

Comments are closed.

Latest

Introducing Lucky Mystery Box, Crypto lottery based on TRON with a prize pool of 1M USDT

5 hours ago

GlobalDots joins forces with Coralogix to save companies 40-70% on full-stack observability costs, launching a debut CDN log management solution

3 weeks ago

KX.finance announces upcoming DeFi/DEX aggregator launch on APTOS/SUI blockchain

3 months ago

HyperBC Group unveils Zero interest Crypto Credit Card HyperCard, obtains Lithuanian Financial License

3 months ago

Unplugged launches its mobile App Suite to help consumers reclaim their privacy

3 months ago
Morning Tick
Facebook Twitter Instagram Pinterest RSS
  • About Us
  • Press Toolkit
  • Disclaimer
  • Contact Us
  • Privacy Policy
  • Sitemap
© 2022 Morning Tick. Disclaimer: The information provided on this website shouldn't be considered as investment, tax, legal, or trading advice.

Type above and press Enter to search. Press Esc to cancel.