WordPress database error: [Disk full (/tmp/#sql_6703_16.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")]
SHOW FULL COLUMNS FROM `wpgp_options`

WordPress database error: [Disk full (/tmp/#sql_6703_16.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")]
SHOW FULL COLUMNS FROM `wpgp_options`

Instagram bug leads to hacking account | The Tech Infinite
Cyber SecurityHackingInstagram

Instagram bug leads to hacking account

In today’s world, everything is on internet even our social life. Despite having advanced security measures by tech giants (such as Facebook, Google etc) hackers found a way to bypass those measures. 

One such popular social media platform, has a flaw which helps hackers to hack any Instagram account without requiring any use interaction.

So, let’s discuss about it.

About the bug

The “password recovery” or “password reset” is a feature that helps the users to reset their account in case they forget the password. 

The Instagram has a similar feature but user have to enter a six digit passcode (that is valid for 10 minutes) sent to their registered mobile number.

So the six digit passcode are from 000000 to 999999 that are 10lakh passcodes. but these passcodes are random.

Instagram’s security

So in theory one can try to enter 10lakh passcodes but the Instagram passcode has 10 minute validity i.e. the code will not work after the 10 minute..

Also, the Instagram blocks a computer or you can say that IP address, if a computer make more than 200 guesses. 

How to hack

But a security researcher researcher Laxman Muthiyah has found a way.

According to him, he tried with 1 IP addresses( or you can say 1 computer) and got blocklisted after 200 attempt.

Then he tried with 1000 IP addresses (or 1000 computers) and was able to make 2,00,000 guesses.

From this, he understands he needed 5000 computers (5000 *200 =10,00,000).

How to get 5000 computers

Yeah this is the question, how to try the passcode the 5000 computers ?

Well this is easy than you may have thought.

You can get the 5000 IP addresses from the cloud accounts (cloud computing) from Amazon (AWS) , Microsoft (Azure) or from Google (GCP) from as low as 150$ or in about ₹10,500.

Video of the attack:

Update:

Instagram has patched this vulnerability and awarded Laxman $30,000 or ₹20.6 lakhs as bug Bounty.

Kashish Nagpal

I am a tech geek. I constantly wonder in the cyber space looking for the news for U.

Related Articles

Leave a Reply

Back to top button
The Tech Infinite