Facebook fixes bug that exposed Instagram users’ personal info


New Delhi, Dec 19 (IANS): A bug during a Facebook test recently exposed the personal information like email addresses and birthdays of Instagram users, the media reported.

Saugat Pokharel, an experienced bug hunter from Nepal, discovered the bug.

The attack used Facebook's Business Suite tool, available to any Facebook business account, reports The Verge.

Pokharel found that the attack worked on accounts that were set to private and accounts that were set to not accept DMs from the public.

"If an account did not accept DMs, the user potentially would not receive any notification indicating their profile may have been viewed," the report said on Friday.

Facebook patched the vulnerability after being reported.

According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.

"A researcher reported an issue where, if someone was a part of a small test we ran in October for business accounts, personal information of the person they were messaging could have been revealed," the company spokesperson was quoted as saying.

"This issue was resolved quickly, and we discovered no evidence of abuse. Through our Bug Bounty Program we rewarded this researcher for his help in reporting this issue to us".

Pokharel earlier found another bug in Instagram and awarded a $6,000 bug bounty payout. He found that Instagram retained photos and private direct messages on its servers long after he deleted them.

The company fixed the bug and allowed Pokharel to disclose the bug issue.

  

Top Stories


Leave a Comment

Title: Facebook fixes bug that exposed Instagram users’ personal info



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.