A researcher named Saugat Pokharel identified a vulnerability where hackers could easily access personal information of Instagram users via Facebook. It was stated that the vulnerability in question emerged with the messages sent to the users.
Detected Facebook vulnerability disclosing Instagram information
Security gaps are undoubtedly one of the most important fears of social media sites. This time, Facebook faced an annoying security problem. A security researcher named Saugat Pokharel discovered a vulnerability on Facebook that makes the email and birth date information of Instagram users visible. In essence, Instagram promises that when signing up for the app, information such as email and date of birth will not be shared with third parties in any way and will remain completely confidential. However, pirates have the opportunity to easily access information thanks to this vulnerability.
According to The Verge, the source of the vulnerability is the Busines Suite tool, which Facebook manages business accounts. If a business account is linked to Instagram and included in the test group, the Business Suite tool allows third parties to view private information about the person, including private email address and birthday. What the attacker has to do is send a message on Instagram to find out this information.
Pokharel stated that he interacted with Facebook engineers to eliminate the gap in question. The deficit was fixed soon after the interaction. Speaking on the subject, Facebook official stated that the incident was a small experimental study and that no signs of abuse were seen.