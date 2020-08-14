A cybersecurity researcher named Saugat Pokharel caught Instagram’s vulnerability. Pokharel, who reached 1 year of data while trying to download his data, realized that this was due to a security flaw. Instagram officials who closed the gap paid the cybersecurity researcher $ 6,000.

A cybersecurity researcher announced that he detected a critical and alarming vulnerability in Instagram, one of the world’s most popular social networks. This vulnerability the cybersecurity researcher discovered was causing users’ deleted photos and messages to be stored in the platform’s database for over a year. Fortunately, this vulnerability has been covered by Instagram.

Cybersecurity researcher Saugat Pokharel noticed the presence of such a security error while using the data download feature Instagram introduced a few years ago. In fact, this situation developed spontaneously. The main purpose of the cyber security researcher in question was not to encounter such a vulnerability. According to Instagram, this vulnerability did not cause any user’s data to be compromised or any other problem.

In informing users on this issue, Instagram states that the deleted data of an account is stored in the database for 90 days, then permanently deleted. In other words, it is not expected that a user will reach their deleted data after more than a year under normal circumstances. The cyber security researcher states that he is astonished at the vulnerability he encountered.

The cyber security researcher reported Instagram’s vulnerability to the authorities in October 2019. Instagram developers took immediate action to close this vulnerability, and last month they closed it. In the statements made by Instagram officials, it was stated that the cyber security researcher who determined the vulnerability in question was awarded 6,000 dollars (approximately 45 thousand TL).

When we look at the statements made on the subject, we can say that closing the security gap in Instagram may be pleasing. However, this is an important question mark. The question mark is when the vulnerability has been exploitable. There is no answer to this question. Perhaps this problem has existed since the launch of the data download feature released in 2018, but nobody noticed it.

By the way, Instagram is currently in trouble with a lawsuit. According to the lawsuit filed in the USA, the platform collects biometric data of users without permission and makes money from it. Moreover, it is stated that this process is made for more than 100 million users. It is currently unknown how the case will end, but it seems that Instagram will continue to be the subject of our news about this case in the coming days.



