Mutiyah realised that all a hacker would need to do was enter the correct six digit code – a code that could be any combination between 000099 – within the ten minute window Instagram would accept the code before expiring it. But Mutiyah wondered if there might be another way to break into accounts if neither of those options were available. Now, that passcode could potentially be stolen if a hacker had somehow managed to gain access to their target’s email account, or had hijacked control of their victim’s mobile phone number via a SIM swap scam. ![]() In theory, if a hacker could enter the six-digit security code they would be able to break into the Instagram account (and reset the password locking out the legitimate owner.) If that passcode is entered, a user can regain access to their Instagram account. What Mutiyah found was that Instagram offered the option for users locked out of their accounts to request that a six-digit secret security code be sent to their mobile phone number or email account. Mutiyah found that when users asked for a password reset via Instagram’s web interface, the site would email a reset link to the user’s email account.Īfter a few minutes of testing Mutiyah couldn’t find any bugs, and so turned his attention instead to how smartphone users recover access to their Instagram accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |