
Researcher Wins $5,000 for Finding Two Ways to Brute-Force Instagram Accounts


Jasper_The_Rasper
Moderator

Clever researcher finds 2, not one, ways to break Instagram

 
May 20, 2016 11:18 GMT  ·  By Catalin Cimpanu

Facebook fixed two glaring security issues on Instagram that allowed attackers to carry out brute-force attacks and take over user accounts without too many difficulties.
 
Belgian security researcher Arne Swinnen discovered both issues, one that affected Instagram's Android login form, and another one that affected Instagram's Web-based registration system.
 
The researcher says that both brute-force attack issues were exploitable due to Instagram's lackadaisical password policy, the fact that it still uses incremental user IDs, and because it lacked proper rate limiting protection.
 
Full Article

2 replies

It seems when researchers discover security flaws the developers will plug it up but... it's a vicious circle as another security flaw will pop up.

Baldrick
Gold VIP
  • 16060 replies
  • May 20, 2016
Well, the bounty approach to finding vulnerabilities & potential exploits seems to be paying off...for all parties. Would prefer that the companies released properly robust software but if they can't then this is a good way to try to tease out those vulnerabilities.
