Hello, buddy :) American media reported that a hacker managed to hack his Instagram account in just 10 minutes, and Facebook in turn paid him a $30,000 reward. [Original article]
Let's go through it in order, following Laxman's account.
Laxman discovered a vulnerability in the password recovery system for his Instagram account. When a user enters a phone number to regain access to a profile, Instagram sends a six-digit numeric code that must be entered to verify the user's identity. A six-digit code has only one million possible values, so Laxman Muthiyah reasoned that if he could try a million different codes at this stage, one of them would definitely work, which would lead to a password change on any Instagram account.
However, Laxman rightly assumed that the photo service would have protection against such an attack. Indeed, Instagram does provide it: it limited the number of such requests that a user can send from one IP address.
Through numerous calculations, Laxman determined that a successful hack would require about 5,000 IP addresses, each of which would send 200,000 recovery requests. Laxman says this is not hard to do with a Google or Amazon cloud service. In that case, the entire attack would cost the attacker only $150.
Laxman Muthiyah sent his research to the Facebook administration, which confirmed that the existing system was insecure. As a result, the vulnerability in Instagram was eliminated, and Laxman himself received a $30,000 reward under the “bug bounty” program for the identified shortcomings.
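The article does not say how Facebook closed the hole. As an added example (not Instagram's or Facebook's code), here is a recovery-code check whose guess budget is tied to the issued code rather than to the caller's IP address, which is the property the per-IP limit described above lacked; `RecoveryCodes`, `MAX_ATTEMPTS`, `CODE_TTL` and their values are hypothetical.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed guess budget per issued code
CODE_TTL = 600     # assumed code lifetime, seconds


class RecoveryCodes:
    """Six-digit recovery codes with a guess budget tied to the account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._issued = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"  # uniform over 000000..999999
        self._issued[account] = [code, self._clock() + CODE_TTL, 0]
        return code  # a real service sends this by SMS instead of returning it

    def verify(self, account, guess, source_ip=None):
        # source_ip is for logging only; it never enters the decision, so
        # spreading guesses over many addresses does not enlarge the budget.
        entry = self._issued.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._issued[account]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"  # even the right code is refused; a new one is needed
        if isinstance(guess, str) and guess.isascii() and hmac.compare_digest(code, guess):
            del self._issued[account]  # single use
            return "ok"
        entry[2] = failed + 1
        return "wrong"


def demo():
    rc = RecoveryCodes()
    code = rc.issue("alice")
    # Constructed input: seven wrong guesses, each from a different
    # documentation-range address, followed by the correct code.
    wrong = [f"{(int(code) + i) % 10**6:06d}" for i in range(1, 8)]
    results = [rc.verify("alice", g, f"203.0.113.{i}") for i, g in enumerate(wrong)]
    results.append(rc.verify("alice", code, "203.0.113.200"))
    return results
```

Issuing a new code resets the budget, so code issuance itself also needs a per-account rate limit.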