Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. Security researcher Mayur Fartade disclosed the issue to Facebook’s security team on April 16, 2021, following which the shortcoming was patched on June 15. He was also awarded $30,000 as part of the company’s bug bounty program. Facebook has since addressed both the leaky endpoints and has also patched the flaw on April 23 and April 16.
Source: https://thehackernews.com/2021/06/instagram-bug-allowed-anyone-to-view.html