How to hack an instagram account 2024 free?

The well-known social software Instagram has recently been exposed to a vulnerability, claiming that it can steal other users' Instagram accounts without any interaction with the user.

Due to the "fall" of Facebook, Instagram is gradually becoming the most popular social media in the world, occupying an absolutely dominant position in photo sharing and user interaction. Despite their advanced protection mechanisms, large platforms such as Facebook, Google, and LinkedIn cannot completely avoid attacks from the underground world, not to mention that they themselves have many vulnerabilities.

Recently, ins issued a statement stating that a series of vulnerabilities were discovered. The current status is that some have been fixed, some are being fixed, and some have not been found (???).

This article is about a vulnerability that has been fixed.

It is reported that hackers can use this vulnerability to reset the password of any Instagram account and gain complete control. The vulnerability was discovered by Laxman Muthiyah, a bug bounty hunter from India.

The vulnerability exists in the password recovery mechanism of the ins mobile terminal. Using the "password reset" or "password recovery" function allows users to recover their accounts if they forget their passwords.

Instagram’s password retrieval mechanism is like this: before users can retrieve their password, they must first authenticate through a six-digit verification code received on their phone or email. This means that if you can crack millions of combinations Verification code, then the user password can be cracked (nonsense).

But in fact this operation is impossible because ins limits the number and speed of password attempts.

However, Laxman discovered that this mechanism can bypass the rate limit by making multiple attempts using multiple requests sent simultaneously from different IP addresses. He said that since ins official does not have a mandatory permanent blocking code mechanism, the 10 minutes in terms of rate limit is the key to this mechanism. Using concurrent requests and IP rotation can allow me to bypass this mechanism.

As demonstrated in the video, Laxman successfully proved that Instagram accounts have vulnerabilities that can be hijacked by quickly trying 200,000 different password combinations, and said that in a real attack scenario, the attacker would need about 5,000 different IPs While that may sound like a lot to hack into someone else's account, it's actually very easy to do with a cloud service provider like Amazon or Google, and it costs about $150 to perform an attack.

Currently, this vulnerability has been officially fixed by Instagram, and Laxman was also given $30,000 as a reward for discovering the vulnerability (I’m so sad). It also announced that in order to protect your account from multiple types of online attacks and reduce the opportunity for attackers to launch attacks directly against the application, it is strongly recommended that users enable "two-factor authentication", which can effectively prevent hackers from illegally Access your accounts and steal passwords.