A Facebook bug exposed Instagram users’ personal email addresses and birthdays

Illustration by Alex Castro / The Verge

When signing up for an Instagram account, the service promises that your email and birthday won’t be publicly visible. A bug discovered by security researcher Saugat Pokharel, however, made it so that an attacker could easily get that private information. The bug, which was patched after being reported to Facebook, was exploitable by business accounts that were given access to an experimental feature the company was testing.

The attack used Facebook’s Business Suite tool, available to any Facebook business account. The experimental upgrade meant that if the Facebook business account was linked to an Instagram account, the Business Suite tool would show…

Continue reading…

Go to Source