First bounty: broken link hijacking

I picked my target and started looking around. I found a web page that was not up-to-date anymore and it contained a link to a non-existing Instagram account. I quickly created the account and submitted my report. I started searching to see if this link occurred on more web pages. I found out that their Flemish emails also contained the link.

When I finally got an update on my submission, I was disappointed. They marked it as a duplicate. I didn’t understand it because the account was owned by me. How is it possible to be a duplicate? I asked customer support how this could be a duplicate and they told me that the first report indeed was about the URL on the page I found. I asked them about the link in the email but they didn’t reply. So I decided to submit it again, this time only mentioning the email in my report. Two weeks later I got my first bounty!




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store