21 years old hacker wins Rs 22 lakh from Facebook for highlighting Instagram bug
By MYBRANDBOOK
An Indian hacker has been awarded Rs 22 lakh by Facebook for discovering malicious bugs on the Instagram app. The bug that was discovered allowed anyone to view archived posts, Stories, Reels and IGTV without following the user, even when the profile is private. Although Facebook had now addressed the issue, the bug, if remained untouched, would have let hackers gain illegal access to the private pictures, videos of users without following them.
Solapur-based Mayur Fartade, who possesses skills like C++, Python, was able to spot the bug that allowed hackers to view targeted media on Instagram. The bug could have exposed a user's private photos including private/archived posts, stories, reels, IGTV without following the user using Media ID. He explained in a detailed post on Medium that the attacker could also store photos, videos and details about specific media by brute-forcing Media ID’s.
Fartade is a computer science engineering student. He said that he was testing the Instagram app for a week but did not find any bugs initially. But later when he dug deeper into the features like insights, promotions, he was able to spot the malicious bug on Instagram. Fartade, who is only 21 years old, said that this was his bounty; he has reported bugs with government websites when he was in the second year of college. He wishes to pursue bug bounty hunting as a part-time thing but wants to become a software developer.
Fartade first reported about the Instagram bug through the Facebook Bug bounty program on April 16. He got a response from Facebook on April 19 where the social media giant requested him to provide further information about the same. On April 29, Facebook patched the vulnerability and on June 15 he was finally awarded Rs 22 Lakh for unearthing the dangerous bug. The information obtained from Instagram could also be used to get access to the Facebook pages attached to the Instagram account.
In a letter Facebook thanked Fartade for his report. The letter read, “After reviewing this issue, we have decided to award you a bounty of $30000. Below is an explanation of the bounty amount. Facebook fulfils its bounty awards through Bugcrowd and HackerOne. Your report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed this issue. Thank you again for your report. We look forward to receiving more reports from you in the future!”
TAC Security becomes Cyber Security Assessor for the App Defen
The cybersecurity company, TAC Security has been selected as a key Cyber ...
InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce
In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
DIGISOL SYSTEMS LTD.
AMARA RAJA POWER SYSTEMS LTD.
VVDN TECHNOLOGIES
DELL TECHNOLOGIES INDIA PVT. LTD.
Technology Icons Of India 2023: Byju Raveendran
Byju Raveendran is the founder of edutech start-up Byju’s. Raveendra...
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
Technology Icons Of India 2023: Nandan Nilekani
Nandan Nilekani is the Co-Founder and Chairman of the Board, Infosys T...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
BBNL empowering rural India digitally
BBNL provide high speed digital connectivity to Rural India at afforda...
ECIL continues to keep India ahead in the growth of Information Technology and Electronics
ECIL played a very significant role in the training and growth of high...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...
Crayon Software Experts India Pvt Ltd
Crayon helps its customers build the commercial and technical foundati...