Facebook has repaired a vulnerability in its Instagram social media platform, after a researcher found that it could be exploited to link users' phone numbers to their account numbers, usernames and actual names.
With the help a brute-force algorithm and a network of bots, malicious actors could have leveraged the flaw to bypass data security protections and gain access to information that they could have used to build a searchable database of users for future attack campaigns, according to Forbes reporter Zak Doffman in an article published earlier today.
The flaw was discovered by an Israeli hacker with the Twitter handle @ZHacker1, who says he privately disclosed the issue to Facebook back in early August. However, @ZHacker1 claimed that the social media giant was not acting with urgency to address the problem. Doffman last week contacted Facebook, which reportedly confirmed the vulnerability and shortly thereafter issued its fix.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.