An Indian hacker has been awarded Rs 22 lakh by Facebook for reporting malicious bugs on the Instagram app. Due to the bug, even if the profile was set to be private, any user was allowed anyone to view archived posts, stories, reels, and IGTV without following the original user.

Due to this bug, it would have been easy for the hackers to gain illegal access to private details like- pictures, videos of users without following them. After the complaint, Facebook had now addressed to resolve the bug.

About the bug and how Mayur got rewarded

Mayur Fartade is a Solapur-based hacker who was able to spot the bug. Fartade shared a post where Facebook thanked him for highlighting the issue and awarded him the amount.

Check out Mayur’s tweet in which he informed about the reward

Facebook awarded Mayur a lump sum amount of 22 lakh (3000$) and said that-

“The report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed the issue. We look forward to receiving more reports from you in the future.”

Mayur had reported Facebook about this Instagram bug on 16th April. After this, the company addressed it till 15th June. Mayur disclosed about the bug on 23rd April.


Also Read: “Tech Giants Facebook, Twitter, WhatsApp have double standards in India”: IT Veteran Mohandas Pai


What is Bug bounty

Bug bounty programs are organized by big companies. It includes, rewarding people after they report a defect on the website or other platform of these companies. For this, the company has to be briefly explained about the flaws or bugs and details have to be provided.

After the scenario gets explained, the company decides how serious this flaw is. Based on the severity of the flaw or bug, the reward amount is decided by the company.


Also Read: Nandigram Poll Results: Mamata Banerjee Claims Case Judge Kausik Chanda BJP member


Case of an Indian security researcher Laxman Muthiyah

Indian security researcher Laxman Muthiyah highlighted a bug in the Instagram app, reporting which he was rewarded $30,000 by the platform as part of its bug bounty program. Once again after some time, Muthiyah has reported another ‘similar’ issue with the platform and has this time and got $10,000 in reward.

Muthiyah wrote in his recent blog post that the new spotted bug in Instagram allowed the same device ID, the unique identifier used by the Instagram server to validate password reset codes, to be used to request multiple passcodes of different users. This made Instagram accounts vulnerable to be exploited.

Check Muthiyah’s blogpost here: https://thezerohack.com

The points he highlighted, is similar to the one he reported in back in July, which allowed him to “hack any Instagram account without consent permission”. He had said that the hack was as simple as initiating a password reset, requesting for a recovery code, or quickly trying out possible recovery codes against the account.

When Muthiyah posted about the bug on his blog, the issue had already been fixed by Facebook. After the successful fixing of the issue of the bug he said that-

“Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme.”


Also Read: Neena Gupta in conversation with Sonali Bendre reveals her life struggles after leaving Vivian


Ten year old received a $10,000 reward for locating Instagram bug

Back in 2016, a 10-year-old Finnish schoolboy has received a $10,000 bounty from Facebook after finding vulnerability in Instagram’s code. Instagram, which was bought by Facebook in 2012 for $1bn, is part of the Facebook “bug bounty” program, created in 2011, under which people who spot bugs in Facebook’s digital giant are given a reward.

He is the youngest person ever to receive the bounty; he is just 10-year-old. The bug he reported had the problem that it allowed other people’s comments to be deleted, though not in bulk, and was reported and fixed in February. His reward was paid out in March.

According to the Helsinki-based newspaper Iltalehti, the Finnish boy has been interested in coding and video games for two years. He became interested in information security, which he said would be his “dream job”, and honed his craft using instructional videos on YouTube.

On being able to highlight the bug, he said that-

“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t. I noticed that I can delete other people’s comments from there. I could have deleted anyone’s – like Justin Bieber’s for example – comments.”