Facebook awards $30,000 bounty for exploit exposing private Instagram content

14:51  16 June  2021 Source:   zdnet.com

Facebook has awarded $30,000 to a researcher for reporting vulnerabilities in Instagram's privacy features.

According to a Medium blog post penned by bug bounty hunter Mayur Fartade on Tuesday, a set of vulnerable endpoints in the Instagram app could have allowed attackers to view private media on the platform without following a target account.

This included private and archived posts, stories, and reels.

If an attacker obtained a target user's Media ID, by brute force or through other means, they could then send a POST request to Instagram's GraphQL endpoint, which exposed display URLs and image URLs, alongside records including like and save counts.

A further vulnerable endpoint was also found that exposed the same information.

In both cases, an attacker could extract sensitive data concerning a private account without being accepted as a follower, a feature of Instagram designed to protect the privacy of users. In addition, the endpoints could be used to extract the addresses of Facebook pages linked to Instagram accounts.
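The class of flaw described above is a missing object-level authorization check: the endpoint trusted possession of a Media ID instead of checking the requester's relationship to the owner. The following is an added example, not code from Instagram or from the researcher's write-up; the data model, the `resolve_media` resolver and the access policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    user_id: int
    is_private: bool
    followers: set = field(default_factory=set)  # ids of accepted followers
    linked_page_url: str = ""

@dataclass
class Media:
    media_id: int
    owner: Account
    display_url: str
    like_count: int
    save_count: int
    archived: bool = False

def can_view(viewer_id, media):
    """Object-level check: knowing a media id must never be enough on its own."""
    owner = media.owner
    if viewer_id == owner.user_id:
        return True
    if media.archived:        # assumed policy: archived media is owner-only
        return False
    if owner.is_private:      # private account: accepted followers only
        return viewer_id in owner.followers
    return True

def resolve_media(viewer_id, media_id, store):
    """Hypothetical resolver. Returns None for both 'missing' and 'forbidden'
    so that responses cannot be used to confirm which ids exist."""
    media = store.get(media_id)
    if media is None or not can_view(viewer_id, media):
        return None
    return {"display_url": media.display_url,
            "like_count": media.like_count,
            "save_count": media.save_count,
            "linked_page_url": media.owner.linked_page_url}

# Constructed sample data: a private account with one accepted follower (id 2).
ALICE = Account(1, is_private=True, followers={2},
                linked_page_url="https://example.invalid/page")
STORE = {
    100: Media(100, ALICE, "https://example.invalid/100.jpg", 5, 1),
    101: Media(101, ALICE, "https://example.invalid/101.jpg", 9, 2, archived=True),
}
```

The check runs on every lookup by ID, so the difficulty of guessing an ID is never what protects the content.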

Fartade reported his findings for the first endpoint through the Facebook bug bounty program on April 16. Facebook's security team then responded on April 19 with a request for further information, including steps for reproduction.

By April 22, the bug bounty hunter's report had been triaged, and a day later, Fartade found and informed Facebook of the second leaky endpoint.

Facebook patched up the vulnerable endpoints on April 29; however, Fartade says that a further fix was required to fully resolve the security issue.

A financial reward worth $30,000 was awarded by June 15, the bug bounty hunter's first through Facebook's program. The social media giant thanked the researcher for his report.

ZDNet has reached out to Facebook and we will update when we hear back.
