A cybersecurity researcher discovered a bug on Facebook that caused the personal information of Instagram users to be exposed. This discovered error was closed shortly after it was reported to Facebook.
We have told you many times about cyber attacks before and we are here with a new one. A researcher discovered a Facebook bug revealing the email addresses and date of birth of Instagram users.
When you sign up to create an Instagram account, personal data such as email address and date of birth are promised to be kept confidential, but Saugat Pokharel, a security researcher, discovered a vulnerability in which attackers could easily access personal information of Instagram users.
Fixed the bug but some business accounts were also accessed
This vulnerability, which provides access to personal information such as e-mail address and date of birth, was closed after Facebook was notified. Nevertheless, according to the news in the Digital Information World, some business accounts were accessed using the experimental features tested by Facebook.
According to Pokharel, some experimental features Facebook was working on caused the error to appear. Although this bug is fixed later, it’s open to business accounts with access to experimental features. Here, the tool used by the attackers was Facebook Business Suite.
The purpose of the experimental update was to show whether a Facebook business account is linked to Instagram and the test group. Later, the Facebook Business Suite tool showed direct messages with personal information. By simply sending a direct message, all business users could access relevant information.
Pokharel stated that these attacks were seen on public accounts that do not allow direct messages. Commenting on the issue, the Facebook representative said that this error lasted for a very short time and was closed before too much time. Although it is not disclosed how many people accessed this feature, it was explained that it was a small experimental study and there were no signs of abuse.