Instagram has addressed a new flaw that allowed anyone to access private accounts viewing archived posts and stories without having to follow them. The expert reported the flaw to Facebooks security team on April 16, 2021, and the company addressed the issue on June 15. The company awarded the expert with a $30,000 payout as part of its bug bounty program. An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID.”]
Source: https://securityaffairs.co/wordpress/118994/security/instagram-flaw-2.html