Leave a comment

Anyone can take over your Instagram account in seconds

Anyone can take over your Instagram account in seconds
photo courtesy of SHUTTERSTOCK

Security researcher Stevie Graham was denied a bug bounty by Facebook after he pointed out a major security flaw for Instagram running on iOS.

Maybe he was denied because the bug has been known about since 2012? Or is it because Facebook-owned Instagram didn't think it was that big of a deal?

Either way, it's a big deal now - he's made the hack public and is telling everyone how you can hack into other people's Instagram accounts using a shared Wi-Fi connection.

instahack

In the three Tweets above, Graham says:

Last night I reported a serious security hole with @instagram that I've known about for years. They're not going to give me a bug bounty...

In a nutshell some API endpoints are HTTP which means I can most probably take control of your account if we're on the same wifi

Denied bug bounty. Next step is to write automated tool enabling mass hijacking of accounts. Pretty serious vuln[erability], FB. please fix.

Next page: How the flaw works, and what you can do to protect yourself
Huge data breach! A million credit cards stolen
Previous Happening Now

Huge data breach! A million credit cards stolen

Deal of the Day: Up to 50% off hard drives, MicroSD, flash drives + a special offer from me to you
Next Happening Now

Deal of the Day: Up to 50% off hard drives, MicroSD, flash drives + a special offer from me to you

View Comments ()