Jaipur Student Reports a Critical Bug in Instagram, Wins Rs 38 Lakh as a Reward

Instagram has rewarded a Jaipur-based student with Rs 38 lakh for reporting a bug that could have made millions of user accounts vulnerable to hackers.


Instagram has rewarded a Jaipur student with Rs 38 lakh for finding a bug and saving millions of Instagram accounts from being hacked. Sharma reported a bug that allowed the thumbnail of an Instagram Reel to be changed from any account, without entering the account holder's login and password.

The bug made Instagram accounts vulnerable to hackers, who could have abused the thumbnail feature without the login credentials. Luckily, Sharma’s discovery prevented any major damage from occurring, and we’re grateful that he took the time to report the issue.


Sharma alerted Meta to the bug on Instagram and Facebook back in January after he experienced some problems with his own Instagram account. The company acknowledged the issue and asked him to provide a demo. He later proved his report with a 5-minute demo in which he changed the thumbnail of a Reel without the account credentials.

After conducting a thorough investigation, Facebook approved his report on May 11 and awarded him $45,000, which translates to Rs 38 lakh. Facebook also offered $4,500, i.e. Rs 3.6 lakh, for delaying the reward by four months.

"There was a bug in Facebook's Instagram, through which the thumbnail of the reel could have been changed from any account. All it required was the media ID of the account to change it, no matter how strong the password of the account holder is. In December last year, I started finding fault with my Instagram account. After a lot of hard work, on the morning of January 31, I came to know about the (bug) mistake on Instagram. After this, I sent a report to Facebook about this mistake on Instagram at night and received a reply from them after three days. It asked me to share a demo," - Jaipur Student

Meta runs the Meta Bug Bounty program to encourage programmers to find and report security vulnerabilities in Meta technologies and programs. “We recognise and reward security researchers who help us to keep people safe by reporting vulnerabilities in our products and services. Monetary bounties for such reports are entirely at Meta’s discretion, based on risk, impact, the number of vulnerable users, and other factors,” Meta’s bug bounty programme policy reads.
