Barely a month after winning $30,000 from Facebook for spotting a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he again discovered a new account takeover vulnerability on the photo and video-sharing app. This time he has won $10,000 as part of the social network’s bug bounty programme.
The new vulnerability that Muthiyah spotted was similar to the one he reported in July and allowed anyone to hack Instagram accounts without consent permission.
Facebook has now fixed the vulnerability that Muthiyah reported.
“Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme,” Muthiyah said in a blog post.