Instagram to serve more ads
Instagram is running a new test in which a small percentage of users are now served two back-to-back Stories ads instead of just one. The company said that its main goal here is to see whether back-to-back ads will provide a smoother experience for its users.
It has been claimed that Instagram’s parent company, Facebook, is putting pressure on it to include more and more ads. On the whole, Facebook ordered Instagram to double the number of ads over the past year.
- Read also: How to gain followers on Instagram
New messaging app called Threads
Facebook is almost ready to launch a new messaging app called Threads that will allow Instagram users to share content and communicate with their closest friends.
The companion app to Instagram invites users to automatically share their location, speed, and battery life. All these come along with more typical text, photo, and video messages. The service is undergoing closed beta testing.
Threads regularly updates statuses of users, or they can do it manually. At the moment, Threads does not show a real-time location but says that a user is “on the move”. Messages appear in a central feed; a user’s friends who are currently online have a green dot by their side—the same as on Facebook.
Account takeover vulnerability
A security researcher Laxman Muthiyah has discovered an account takeover vulnerability on Instagram.
Muthiyah found that the same device ID—the unique identifier used by Instagram server to validate password reset codes —can be used to request multiple codes of different users. This vulnerability can be exploited to hack Instagram accounts.
“There are one million probabilities for a 6-digit code (from 000001 to 999999). If we are requesting codes of multiple users, we are increasing the probability of hacking accounts. For example, requesting codes for 100,000 users from the same device ID results in a 10% success rate. However, if we request one million user codes, we can easily hack one million accounts,” Muthiyah explained.
The researcher reported the vulnerability to the Facebook and Instagram security team and was awarded $10,000 for that.