Instagram has rewarded a Jaipur-based student with Rs 38 lakh for reporting a bug that could have made millions of user accounts vulnerable to hackers.
Instagram has rewarded a Jaipur student with Rs 38 lakh for finding a bug and saving millions of Instagram accounts from being hacked. Sharma reported a bug that let users change the thumbnail of their Instagram Reels from any account without entering their login and password.
The bug made Instagram accounts vulnerable to hackers who could have issued the thumbnail feature without even using the login credentials. Luckily, Sharma’s discovery prevented any major damage from occurring, and we’re grateful that he took the time to report the issue.
Sharma alerted Meta of the bug on Instagram and Facebook back in January after he experienced some problems with his own Instagram account. The company acknowledged the issue and asked him to provide a demo of the same. He later proved his report by showing a 5 minute demo in which he changed the thumbnail of a Reel without the account credentials.
After conducting a thorough investigation, Facebook approved his report on May 11 and awarded him with a reward of $45,000, which translates to Rs 38 lakh. Facebook also offered $4500, i.e. Rs 3.6 lakh, for delaying the reward by four months.
Meta is running a Meta Bug Bounty program to encourage programmers to find and report security vulnerabilities in Meta technologies and programs. “We recognise and reward security researchers who help us to keep people safe by reporting vulnerabilities in our products and services. Monetary bounties for such reports are entirely at Meta’s discretion, based on risk, impact, the number of vulnerable users, and other factors,” Meta’s bug bounty programme policy reads.