During the security checks, the security safety Consultant Arne Swinnen found that the form of verification of accounts may differ. But, in some ways, it was not revealed the vulnerabilities while others allow an attacker to gain access to the account. According to the security expert, 39,000 accounts could be accessed by changing the associated account phone number, a feat which also exposed a user’s phone digits as it was pre-filled into the form. In addition, a hacker could also potentially change the email address of 1700 members. The Instagram owner, Facebook paid Arne Swinnen (@arneswinnen) $US5000 for reporting the loopholes, slinging a patch within 10 days of the disclosure earlier this month. According to the Pig, “An attacker could gain access to the user’s personal information, and can also easily change their phone numbers on the Instagram account. Hence, after you enter a new number, a hacker could also use the password change function via SMS and can gain full access to your account”. As the security safety consultant, Arne Swinnen says that “This case was the most troublesome, as an attacker could on one hand gather sensitive user information (pre-filled phone numbers) and on the other hand simply update the phone number linked to the victim Instagram account”. Moreover, the security safety consultant Arne Swinnen also added that “quick manual checks found many of those phone number -exposed Instagram accounts were “mostly human” that had been inactive for a couple of weeks with a “good amount” of followers”.
Δ
