According to a report on Forbes website Instagram’s parent company Facebook has confirmed that a newly discovered security vulnerability may have put data at risk, leaving users open to attack by threat actors.
The vulnerability which would let an attacker access account details and phone numbers was serious enough that after they contacted Facebook to raise the profile of the security researcher’s disclosure, they asked for additional time to make changes before the story was published. Facebook has now made those changes to Instagram to protect its users.
An Israeli hacker going by the handle @ZHacker13 discovered the vulnerability. This means the platform’s security was being bypassed to provide phone and account numbers, linked to usernames and real names.
Facebook had also told @ZHacker13 that although the vulnerability was serious, there was internal awareness of the issue and so it was not eligible for a reward under the bounty scheme.
You can read the full report here.