Sebastián Guerrero (a Spanish IT security researcher) discovered a flaw in Instagram which he has named the “Friendship Vulnerability.” This allows anyone to add themselves as a friend to your Instagram profile without your approval. The bug reportedly gives that person the ability to view photos that are private as well as profile information.
Guerrero blames the bug on Instagram’s “lack of control on the logic applied to authorization feature.” The iPhone and Android applications of Instagram are affected by this remote vulnerability. Additionally, the security researcher states that the attacker could attempt a brute force attack where he or she adds themselves as a friend to a list of users and then steals all their private albums.
In one example, Guerrero adds Facebook co-founder and CEO Mark Zuckerberg’s account. He then sends Zuckerberg a personal message of congratulations for buying Instagram:
“Congratulations Mark for Instagram acquisition. When would it be eligible under the bounty bug program?”
When contacted, Instagram confirmed that they were not able to reproduce the bug on their side, but they are still investigating the issue. Instagram, one of the world’s most widely used photo-sharing services, was acquired by Facebook for a whopping amount a few months back.
Source: ZDNet