21 years old hacker wins Rs 22 lakh from Facebook for highlighting Instagram bug
By MYBRANDBOOK
An Indian hacker has been awarded Rs 22 lakh by Facebook for discovering malicious bugs on the Instagram app. The bug that was discovered allowed anyone to view archived posts, Stories, Reels and IGTV without following the user, even when the profile is private. Although Facebook had now addressed the issue, the bug, if remained untouched, would have let hackers gain illegal access to the private pictures, videos of users without following them.
Solapur-based Mayur Fartade, who possesses skills like C++, Python, was able to spot the bug that allowed hackers to view targeted media on Instagram. The bug could have exposed a user's private photos including private/archived posts, stories, reels, IGTV without following the user using Media ID. He explained in a detailed post on Medium that the attacker could also store photos, videos and details about specific media by brute-forcing Media ID’s.
Fartade is a computer science engineering student. He said that he was testing the Instagram app for a week but did not find any bugs initially. But later when he dug deeper into the features like insights, promotions, he was able to spot the malicious bug on Instagram. Fartade, who is only 21 years old, said that this was his bounty; he has reported bugs with government websites when he was in the second year of college. He wishes to pursue bug bounty hunting as a part-time thing but wants to become a software developer.
Fartade first reported about the Instagram bug through the Facebook Bug bounty program on April 16. He got a response from Facebook on April 19 where the social media giant requested him to provide further information about the same. On April 29, Facebook patched the vulnerability and on June 15 he was finally awarded Rs 22 Lakh for unearthing the dangerous bug. The information obtained from Instagram could also be used to get access to the Facebook pages attached to the Instagram account.
In a letter Facebook thanked Fartade for his report. The letter read, “After reviewing this issue, we have decided to award you a bounty of $30000. Below is an explanation of the bounty amount. Facebook fulfils its bounty awards through Bugcrowd and HackerOne. Your report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed this issue. Thank you again for your report. We look forward to receiving more reports from you in the future!”
BREAKING NEWS
TECHNO TRENDS
TAC Security becomes Cyber Security Assessor for the App Defen
The cybersecurity company, TAC Security has been selected as a key Cyber ...
InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce
In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
E-Magazine
TECHNOTAINMENT
Salman Khan trolled for singing with B Praak at Anant Ambani's
To celebrate Mukesh Ambani's youngest son Anant Ambani’s 29th birthday
Disney+ Hotstar wins the Best OTT Platform of the year
Film Critics Guild and Group M Motion Entertainment, in collaboration with
MOVERS & SHAKERS
SISL elevates Ankita Wadhawan as CEO—End User Computing
The IT service provider, SISL in a LinkedIn post announced the elevation
InfoVision appoints Radhika Venkatraman to its Advisory Board
Global digital services company, InfoVision has announced the appointment
OPEN YOUR EYES
INTERVIEWS
Elastic democratizing search with powerful AI and ML-enabled s
Elastic is always committed to staying ahead of the curve and constantly re
Making security more accessible, CP PLUS stands unrivaled as a
The topmost priority of CP Plus is to establish a dedicated R&D Hub in Indi
HOT PICK
Dell Technologies launches new AI-powered commercial PC portfo
Dell Technologies has launched the broadest portfolio of commercial AI lap
Canon India Introduces 4K Remote PTZ Camera Controller & 4K In
Canon India, a leading company in digital imaging solutions, further solidi
MAKE IN INDIA BRANDS
DIGISOL SYSTEMS LTD.
AMARA RAJA POWER SYSTEMS LTD.
VVDN TECHNOLOGIES
DELL TECHNOLOGIES INDIA PVT. LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Technology Icons Of India 2023: Byju Raveendran
Byju Raveendran is the founder of edutech start-up Byju’s. Raveendra...
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
Technology Icons Of India 2023: Nandan Nilekani
Nandan Nilekani is the Co-Founder and Chairman of the Board, Infosys T...
PARTNER SPEAKERS
PSU
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
BBNL empowering rural India digitally
BBNL provide high speed digital connectivity to Rural India at afforda...
ECIL continues to keep India ahead in the growth of Information Technology and Electronics
ECIL played a very significant role in the training and growth of high...
VIDEOS
Top 25 Brands
Value-Added Distribution
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...
Crayon Software Experts India Pvt Ltd
Crayon helps its customers build the commercial and technical foundati...
ITFORUM 2024
WIITF 2024
CMO of the Year
WOMEN LEADERSHIP
EMINENT CIO's OF INDIA
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
