There is a security flaw in instagram in updating the email Id. Here is how you can exploit.
- Create a instagram account, use your genuine email Id
- Once the signup is complete, log off
- Now go to instagram and say forgot password.
- Instagram will send a mail to the email and in bottom there is a link to 'Remove your email from this account.'
- Click on that link
- Now your instagram account is delinked with the email address
- Now again Try to log into account using your instagram Id, now provide the password.
- In next screen you will be asked to provide the email Id to link.
- In above step you can provide any email Id (if not used in instagram), there is no verfication required!!
Top comments (2)
No verification apart from the valid username and password, right?
Yes.