How I Hacked Instagram Accounts
For this post, I’m going to show you what I found in Instagram OAuth, and how I was able to hack into Instagram accounts using the OAuth vulnerabilities on Instagram.com/facebook.com.
There are basically two ways to take advantage of the Instagram OAuth in order to take control of those accounts.
1. Hijack Instagram accounts using the Instagram OAuth (https://instagram.com/oauth/authorize/)
2. Hijack Instagram accounts using the Facebook OAuth Dialog (https://www.facebook.com/dialog/oauth)
If the attack is successful, it could provide access to:
The ability to delete photos and edit comments
The ability to post new photos
Because I’m a big Instagram “fan,” I thought to myself, “Why not take a look at its security?”
Here come my story regarding Instagram,
When Facebook Acquired Instagram, I Start to check them for Security Vulnerabilities,
I reported a few issues to Instagram Include OAuth Attacks, But the acquisition didn’t closed yet and Facebook Security was unable to put their hands on security issues in Instagram, So I was waiting, Waiting like a good WhiteCollar, Then Facebook Security send me a message, They say even that they was unable to fix this issues because the acquisition didn’t closed yet, They will still payout for this vulnerabilities.
Read More Here