Alkajak
Thread author
Full Article: Researcher Wins $5,000 for Finding Two Ways to Brute-Force Instagram Accounts
Facebook fixed two glaring security issues on Instagram that allowed attackers to carry out brute-force attacks and take over user accounts without too many difficulties.
Belgian security researcher Arne Swinnen discovered both issues, one that affected Instagram's Android login form, and another one that affected Instagram's Web-based registration system.
The researcher says that both brute-force attack issues were exploitable due to Instagram's lackadaisical password policy, the fact that it still uses incremental user IDs, and because it lacked proper rate limiting protection.