A Spanish guy finds a follower vulnerability in the Instagram API
Guerrero gave all the details of how this vulnerability works on his blog.
Basically, there is a lack of control, which Instagram explained on its own blog like this: “We were recently alerted to a bug in the way our following / followers system works. Due to this bug, in very specific circumstances a following relationship could be created incorrectly”.
It seems that the flaw allows an attacker to perpetrate an “attack to be added as a friend to any account, private or not”.
Guerrero also showed an example in which he added himself to the people followed by Mark Zuckerberg and even sent the Facebook owner a funny message of congratulations on buying Instagram (see the picture on the right side).
However, Instagram stated through its Help Center that what they called the Following Bug was rapidly fixed, in less than two hours. They also said that no users' data was at risk and that no private photos were made public. So there shouldn't be any reason to worry. The situation seems to be under control.
However, that could explain the recent trend of “evil” websites or services sprouting up in the last few days and offering “Followers or Likes” in exchange for an amount of money.
Guerrero (a very common Spanish family name that means “fighter”) is a particularly peaceful gentleman who simply warned Instagram of a fatal problem while other people were probably starting to think about ways to make money from this vulnerability.
Congrats, Sebastian! Funny and fair!
You can read Sebastian Guerrero's post here.