Facebook fixes bug that exposed Instagram users' personal information
Dec 19, 2020, 10:51 IST
New Delhi, A bug during a Facebook test recently exposed the personal information like email addresses and birthdays of Instagram users, the media reported.
Saugat Pokharel, an experienced bug hunter from Nepal, discovered the bug.
The attack used Facebook's Business Suite tool, available to any Facebook business account, reports The Verge.
"If an account did not accept DMs, the user potentially would not receive any notification indicating their profile may have been viewed," the report said on Friday.
Facebook patched the vulnerability after being reported.
According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.
"A researcher reported an issue where, if someone was a part of a small test we ran in October for business accounts, personal information of the person they were messaging could have been revealed," the company spokesperson was quoted as saying.
"This issue was resolved quickly, and we discovered no evidence of abuse. Through our Bug Bounty Program we rewarded this researcher for his help in reporting this issue to us".
Pokharel earlier found another bug in Instagram and awarded a $6,000 bug bounty payout. He found that Instagram retained photos and private direct messages on its servers long after he deleted them.
SEE ALSO:
Antony Waste Handling Cell ₹300-crore IPO will open on Monday— these are the risks and opportunities
INTERVIEW: Ikea CFO says she still has ₹3,500 crore to be spent in India— the pandemic has changed targets but not the investment plan
India will produce 300 million doses of the Russian Sputnik V COVID-19 vaccine next year
Advertisement
Saugat Pokharel, an experienced bug hunter from Nepal, discovered the bug.
The attack used Facebook's Business Suite tool, available to any Facebook business account, reports The Verge.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
"If an account did not accept DMs, the user potentially would not receive any notification indicating their profile may have been viewed," the report said on Friday.
Advertisement
According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.
"A researcher reported an issue where, if someone was a part of a small test we ran in October for business accounts, personal information of the person they were messaging could have been revealed," the company spokesperson was quoted as saying.
"This issue was resolved quickly, and we discovered no evidence of abuse. Through our Bug Bounty Program we rewarded this researcher for his help in reporting this issue to us".
Pokharel earlier found another bug in Instagram and awarded a $6,000 bug bounty payout. He found that Instagram retained photos and private direct messages on its servers long after he deleted them.
Advertisement
The company fixed the bug and allowed Pokharel to disclose the bug issue.SEE ALSO:
Antony Waste Handling Cell ₹300-crore IPO will open on Monday— these are the risks and opportunities
INTERVIEW: Ikea CFO says she still has ₹3,500 crore to be spent in India— the pandemic has changed targets but not the investment plan
India will produce 300 million doses of the Russian Sputnik V COVID-19 vaccine next year