[ad_1]
A cyber researcher discovered a Facebook bug revealing the email addresses and dates of birth of Instagram users.
When you sign up for an Instagram account, the service guarantees that your personal information, such as email address and date of birth, will not be publicly visible. However, cybersecurity researcher Saugat Pokharel found a vulnerability that could help intruders easily access the private information of Instagram users.
The bug was resolved after being disclosed to Facebook. But some business accounts were gaining access to the bug by exploiting experimental features that Facebook was testing.
According to Pokharel, Facebook was exploring some experimental features that lead to a bug. Even after Facebook solved it, the companies that were granted access to these experimental features still have a bug. TheVerge confirmed that the Facebook Business Suite tool used by the attackers was readily available on all business accounts.
The purpose of an experimental update was to indicate if a Facebook business account was connected to Instagram and a part of the test group, then the business suite tool would display the direct message as well as personal information including the email address and the birthdays. Just by sending a direct message, all business users can get the available information.
Pokharel noted that the attacks were seen on accounts that were public and had been configured to not allow public direct messages. If the account did not recognize the direct messages, the user theoretically would not have received any warning showing that their profile could have been accessed.
Pokharel, an experienced bug tracker, found that Instagram didn’t actually delete posts that were removed in August.
A Facebook representative explained that when the testing experience began in October, the glitch was only accessible for a limited time before it was resolved. The company does not disclose how many people have had access to the feature, however, it claims it was a small experiment and the investigation showed no signs of violence.
Pokharel said the issue was resolved within hours of being reported.
Read next: Instagram is testing a new feature for Reels and trying to compete with TikTok