Broken Link Hijacking

Rohmad Hidayah
3 min readDec 8, 2023

Have you ever seen social media icons such as Instagram, Facebook, YouTube, etc. connected to this website?

Have you ever touched the link?

And have you ever gotten an error when visiting that link? The error is a vulnerability called broken link hijacking.

Your link is broken sir

In this write-up, I will discuss what broken link hijacking is and how to exploit it.

Before continuing, I want to explain in simple terms what broken link hijacking is.

Broken link hijacking is a vulnerability that occurs where a link that is for example used for promotion is damaged and expired. This vulnerability is usually related to phishing or social engineering to trick the victim.

OK, moving on to the main topic, let’s say we have a target, namely

And on the site there are social media links such as Instagram, Facebook, YouTube, and so on. When we touch the Instagram link, we are directed to the Instagram account page with an error. Image as below.

It’s broken, sir

The link will look like this, where ABC is the username of the Instagram account that had the error.

And how to exploit it?

Steps to Reproduce:

1. Go to your Instagram account.

2. Change your username, which was originally qwerty, to ABC (where ABC is the username of the Instagram account that had the error)

Like this

and also make sure the username (ABC) is available.

3. Go to the home page of and click the Instagram icon again or on the Instagram page that had the error, reload the page.

4. Boom,

We did it

5. We have successfully claimed the username of the Instagram account and if the user visits the Instagram account, he will be redirected to the attacker’s (namely our) Instagram account page.

Your reaction

Note: make sure the Instagram account username is available, otherwise it will be difficult to exploit :(.


  1. Damaging the website owner’s reputation.
  2. Loss of user and audience trust.


Update your social media links regularly.


Submit: November 2, 2023

Accepted: November 3, 2023

Resolved: November 27, 2023

Reward: Dec 6, 2023