An individual discovered a CSRF vulnerability on Instagram that allowed an attacker to change a user’s comment filter preferences on behalf of the targeted user.
The attack worked because CSRF tokens in the request headers were not verified.
After the vulnerability was reported, it was fixed, and further internal research revealed additional vulnerable endpoints that could potentially allow account takeover.
The individual who discovered the issue was awarded a bounty for reporting the CSRF vulnerability.
The case shows why requests must be properly validated and verified to prevent CSRF attacks, and why thorough internal security audits are needed to identify and address all related vulnerabilities.
It is also important to keep all software up to date and to implement the latest security protocols in order to minimize vulnerabilities.
This is especially true for companies that handle large amounts of user data, such as Instagram.
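
The missing check described above, token verification on state-changing requests, is sketched below together with an audit pass of the kind that surfaces other unprotected endpoints. This is an added example, not Instagram's code: the header name, cookie name, route paths and handlers are constructed for illustration, and the double-submit cookie pattern is an assumed choice of defence.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
HEADER = "X-CSRF-Token"   # assumed header name, not taken from the report
COOKIE = "csrf_token"     # assumed cookie name, not taken from the report


def csrf_ok(request):
    """Double-submit check: header token must be present and match the cookie."""
    if request["method"] in SAFE_METHODS:
        return True
    sent = request.get("headers", {}).get(HEADER, "")
    expected = request.get("cookies", {}).get(COOKIE, "")
    # Reject empty values so "missing == missing" never passes.
    if not sent or not expected:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(sent.encode(), expected.encode())


def protected(handler):
    """Wrap a handler so state-changing requests without a valid token get 403."""
    def wrapper(request):
        return handler(request) if csrf_ok(request) else 403
    return wrapper


def set_comment_filter(request):
    """Constructed stand-in for a settings endpoint; always succeeds."""
    return 200


def audit(routes):
    """Return paths that accept a POST carrying the cookie but no token header."""
    token = secrets.token_urlsafe(32)
    probe = {"method": "POST", "headers": {}, "cookies": {COOKIE: token}}
    return sorted(p for p, h in routes.items() if h(dict(probe)) == 200)


# Constructed route table: one handler left unwrapped, the class of bug described.
ROUTES = {
    "/settings/comment_filter": set_comment_filter,
    "/settings/profile": protected(set_comment_filter),
}

if __name__ == "__main__":
    print("endpoints accepting token-less POST:", audit(ROUTES))
```

Running `audit` over every registered route in a test suite turns the one-off finding into a regression check that fails whenever a new state-changing endpoint ships without the wrapper.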