Mayur Fartade, a Solapur-based hacker, was rewarded Rs 22 lakh ($30000) by Facebook for spotting security flaws in Instagram.
An Indian hacker has been paid Rs 22 lakh by Facebook for identifying security flaws in the Instagram app. The bug allowed anyone to view a user’s archived posts, Stories, Reels and IGTV videos without following them, even if the user’s profile was private. This would have given attackers easy access to users’ private content, such as photos and videos, without their consent. Following the disclosure of the bug, Facebook has now fixed the flaw.
Mayur Fartade, a Solapur-based hacker, discovered the flaw. Fartade shared a post on Twitter in which Facebook thanked him for bringing the issue to its attention and awarded him the bounty.
Facebook awarded Fartade Rs 22 lakh ($30000). Its statement read: “The report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed the issue. We look forward to receiving more reports from you in the future.”
Mayur notified Facebook about the Instagram bug on April 16, and Facebook had patched it by June 15. Bounty hunters are usually asked to keep a bug confidential until it is fixed so that no one can exploit it in the meantime. Mayur says he reported the second endpoint on April 23.
In a letter to Fartade, Facebook expressed gratitude for his findings. The letter read: “After reviewing this issue, we have decided to award you a bounty of $30000. Below is an explanation of the bounty amount. Facebook fulfils its bounty awards through Bugcrowd and HackerOne. Your report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed this issue. Thank you again for your report. We look forward to receiving more reports from you in the future!”
Bug Bounty Programs
Bug bounty programs are usually established by large organizations. Under such a program, the organization rewards people who report flaws in the company’s website or other platforms. To qualify, the reporter must brief the organization on the flaw or vulnerability and provide the specifics. The organization then assesses the severity of the problem and sets the award amount based on that severity.