Security researcher Saugat Pokharel discovered a bug that could expose an Instagram user’s personal information to attackers. The bug was patched once it was reported to Facebook, but it was exploitable by business accounts that were given special access thanks to a new feature that Facebook was testing.
The company was testing an experimental feature that would allow business accounts to link to Instagram and view someone’s supposedly private information using the Business Suite tool. All they had to do was to send a direct message on Instagram to call up the information. This would show a person’s additional information alongside any direct message.
The researcher discovered that this worked even against private accounts or accounts that do not accept direct messages from the public. If an account did not accept direct messages, its owner would not even get a notification that their personal information had been viewed.
Facebook responded to this discovery saying that the bug was only accessible for a short time and it was only a small test feature. Upon investigation, Facebook also revealed that no one had abused this exploit to obtain Instagram users’ personal information.
Researcher Pokharel also said that Facebook fixed the issue within hours of being notified.