A security researcher recently discovered a flaw in the way Instagram handled the validation of password reset codes. This defect means an attacker could request one million password reset codes within a ten-minute window and with 100% success.

Experts Comments

August 28, 2019
Eve Maler
VP of Innovation & Emerging Technology
ForgeRock
It is fortunate that a white hat hacker identified Instagram’s vulnerabilities before a malicious actor did. However long the vulnerability was left unpatched, hackers with malicious intentions could have exploited millions of Instagram accounts for their own personal gain, such as spreading spam, misinformation and propaganda or demanding a hefty price for the return of the accounts or account details to their rightful owners. While the Facebook security team addressed the vulnerability.....Read More
It is fortunate that a white hat hacker identified Instagram’s vulnerabilities before a malicious actor did. However long the vulnerability was left unpatched, hackers with malicious intentions could have exploited millions of Instagram accounts for their own personal gain, such as spreading spam, misinformation and propaganda or demanding a hefty price for the return of the accounts or account details to their rightful owners. While the Facebook security team addressed the vulnerability upon notice, companies cannot solely rely on point-in-time testing by security researchers or IT personnel. Enterprises and organizations that manage large amounts of consumer data must utilize comprehensive security strategies that leverage real-time, contextual and continuous authentication and authorization management that identify anomalous behavior. Additionally, these real-time strategies must prompt further action for authentication, such as identity verification, when an unknown user is accessing a database of customer information, to put more barriers between threat actors and sensitive information.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.