Instagram confirmed on Tuesday that security researcher Christian Lopez Martin discovered a bug which, when exploited, could expose a user’s private photo feed to the public. As Forbes noted, Instagram fixed the bug in early February, but only after it had been a vulnerability for the previous six months. As a reward for finding the exploit, Instagram paid Martin an undisclosed sum per its bug bounty program. Instagram told Re/code that it had found no evidence of any accounts compromised using the bug.
This article originally appeared on Recode.net.