This Instagram Loophole Allowed Hackers to Access Accounts Within 10 Minutes

Facebook has since patched the vulnerability and rewarded the guy who found it

Any software or computer system is vulnerable to hacks. This is why companies pay to keep their systems secure or pay people who spot critical vulnerabilities.

The problem is compounded for tech companies, which can be in serious trouble if their systems have serious vulnerabilities. Well, Instagram had a serious one, and Facebook quickly patched it.

According to Hacker News, Facebook recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without any interaction from the targeted users.

One of the vulnerabilities detailed could let a remote attacker reset the password for any Instagram account and take complete control over it. As you know, users rely on the password reset option daily when they forget their passwords, and undermining its security would have caused havoc on Instagram.

This vulnerability was discovered and reported by an Indian bug bounty hunter. The critical flaw was in the password recovery mechanism of the mobile version of Instagram. Apparently, this loophole could have allowed hackers to access your account within the 10 minutes of leeway Instagram has for concurrent requests.

After he found the vulnerability, Facebook fixed the issue and rewarded him $30,000 as part of its bounty program.

Apparently, some vulnerabilities were recently patched, some are still in the process of being fixed, and others most likely exist but haven’t been found.

To prevent such loopholes from affecting you, especially the password reset one, Instagram recommends enabling two-factor authentication to further secure your account. This will prevent hackers from accessing your accounts even if they somehow steal your passwords.