Instagram has rewarded Jaipur student Neeraj Sharma with 38 lakh. He got this reward for finding a bug and saving millions of Instagram accounts from being hacked. As per information, Sharma found a bug on Instagram. Due to this bug, thumbnails could be changed in any user’s account without login and password.
Instagram rewarded a Jaipur Student with $45,000 for addressing vulnerabilities
The bug made Instagram accounts vulnerable to hackers who could have issued the thumbnail feature without even using the login credentials. Sharma informed Meta about the bug on Instagram and Facebook back in January. When he faced some issues with his own Instagram account. The company acknowledged the issue and the company asked him to share a demo of the same.
He later proved his report by showing a 5-minute demo in which he changed the thumbnail of a Reel without the account credentials. After conducting a thorough investigation, Facebook approved his report on May 11 and awarded him with a reward of $45,000, which translates to Rs 38 lakh. Facebook also offered $4500 i.e Rs 3.6 lakh for delaying the reward by four months
Neeraj gives the following statement:
There is a bug in Facebook’s Instagram, through which anyone can change the thumbnail of the reel from any account. All it required was the media ID of the account to change it no matter how strong the password of the account holder is.
“In December last year, I started finding fault with my Instagram account. After a lot of hard work, on the morning of January 31, I came to know about the (bug) mistake on Instagram. After this, I sent a report to Facebook about this mistake on Instagram at night and received a reply from them after three days. It asked me to share a demo,” he said.
Meta is running Bug Bounty Program live for Programmers
To enhance Facebook and Instagram security, Meta is running a Meta Bug Bounty program live for programmers. The company also rewards external programmers and researchers heavily if they find security vulnerabilities in Meta technologies and programs. “We recognize and reward security researchers who help us to keep people safe by reporting vulnerabilities in our products and services. Monetary bounties for such reports are entirely at Meta’s discretion, based on risk, impact, the number of vulnerable users, and other factors,” Meta’s bug bounty program policy reads.
Thanks for reading!!