Facebook Bug: A threat to email ids and birthday data of Instagram users
One of the cybersecurity researchers discovered this Facebook bug that your personal information is accessible by just DM’ing the user.
Key Points to Read:
Facebook Bug reveals the personal email addresses and birthdays of Instagram users.
The cybersecurity researcher Saugat Pokharel discover how sensitive information of users reveals to attackers.
As per Pokharel, the bug came into the Picture because of an experimental feature that Facebook was testing.
Millions of users of Facebook have signed up for an Instagram account as they trust the platform very reliably and at the time of sign up, it also ensures that your data like email id and birthday won’t be visible publicly but Saugat Pokharel, one of the cybersecurity researcher discover this Facebook bug that how attackers can easily access your private information.
Well, one satisfaction is that this bug was patched after being reported to Facebook and was exploited by some business accounts which gave access to the company for testing purposes.
This attack was made through a Facebook business tool that was used by Facebook business accounts that linked to Instagram as a test group but the business tool shows personal information about their private email id and birthday.
Well, All business users receive a direct message on Instagram to reveal personal information.
Facebook Bug How it attacks?
As per Pokharel that this bug only worked on Accounts that as private in the setting and do not accept DMs from the public.
By enabling this setting ideally, you will be not notified that your profile has been viewed by someone. Pokharel also said that this bug was only exposed for a small duration as the experiment started in October.
He also mentioned that the Facebook engineer quickly fixed the issues within a few hours after reporting.
Well, after this incident came in to picture Facebook spokesperson told to verge
“A researcher reported an issue where, if someone was part of a small test we ran in October for business accounts, the personal information of the person they were messaging could have been revealed.
This issue was resolved quickly, and we discovered no evidence of abuse. Through our Bug Bounty Program, we rewarded this researcher for his help in reporting this issue to us.”
Pokharel also discovered earlier in August that Instagram photos and videos were deleted by users that were not removed by Instagram.
It states that data or any information which was deleted by the user is not removed from the platform. Pokharel requested a copy of photos and direct messages which he deleted almost a year ago but it was handed over by Instagram. Well, to bring up this issue Pokharel awarded a $6000 bug bounty.
“The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram.
We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us,” a spokesperson told TechCrunch.