On Monday, Laxman Muthiyah, a security researcher based in Chennai, discovered a new account takeover vulnerability in Instagram, the photo and video-sharing app owned by Facebook. For his discovery, he was awarded $10,000 (approximately Rs 7.2 lakh) as part of the social network’s bug bounty program.

The hacker said that Facebook has since resolved the vulnerability. In a blog post, Muthiyah stated that “Facebook and Instagram security teams rectified the bug and gave me $10000 as a part of their bounty program.”
A comparable flaw that the hacker discovered in Instagram one month ago earned him a prize of $30,000 (about Rs. 21.5 lakh) from Facebook. The newly discovered vulnerability could have been used to hack multiple accounts at once using the device ID and password reset code. The previously discovered vulnerability, by contrast, allowed anyone to circumvent the rate limiting on the six-digit passcode used when resetting an Instagram account.
Laxman Muthiyah, a security researcher based in Chennai, was given a reward of $10,000 by Instagram’s parent company, Facebook, for discovering a fault in the Instagram app less than a month after receiving $30,000 from Facebook for discovering a similar flaw.
In a post on his blog, Muthiyah describes the problem at hand. According to him, a device ID that has been generated at random is transmitted alongside the passcode request made by users on their mobile devices. The same device ID is used once more in the process of verifying the passcode.
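As an added example (not from Muthiyah's post or Instagram's code), here is a server-side reset-code check that ties each code to both the account and the device ID sent with the request, so a device ID reused across many requests cannot validate a code against a different account. The class, method and parameter names are hypothetical, and an in-memory store is assumed.

```python
import hmac
import secrets
import time


class ResetCodeStore:
    """Hypothetical server-side store for six-digit password reset codes."""

    def __init__(self, ttl_seconds=600, max_attempts=5, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock
        self._codes = {}     # (account, device_id) -> (code, expires_at)
        self._failures = {}  # account -> failed attempts, across all device IDs

    def issue(self, account, device_id):
        """Create a code bound to this account AND the requesting device ID."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[(account, device_id)] = (code, self.clock() + self.ttl)
        return code

    def verify(self, account, device_id, submitted):
        """Accept only the code issued for this exact (account, device ID) pair."""
        # Failures are counted per account, not per device ID or source address.
        # How a locked account is later unlocked is out of scope here.
        if self._failures.get(account, 0) >= self.max_attempts:
            return False
        entry = self._codes.get((account, device_id))
        ok = (
            entry is not None
            and self.clock() < entry[1]
            and hmac.compare_digest(entry[0].encode(), submitted.encode())
        )
        if ok:
            del self._codes[(account, device_id)]  # codes are single use
            self._failures.pop(account, None)
            return True
        self._failures[account] = self._failures.get(account, 0) + 1
        return False
```
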


