More than a month after winning $30,000 from Facebook for spotting a flaw in Instagram, Chennai-based security researcher Laxman Muthiyah on Monday said he again discovered a new vulnerability on Instagram. This time he has won $10,000 as part of Facebook's bug bounty program. He spotted "insufficient protections on a recovery endpoint", allowing anyone to hack Instagram accounts.