A student from Jaipur, Neeraj Sharma, was awarded $45,000 by the Meta-owned Instagram instant messaging app for saving the data of millions of users. Neeraj spotted a dangerous Instagram Bug that might have enabled hackers to get into social media accounts. According to sources, the Instagram bug allowed hackers to modify the thumbnails of any account without requiring a username or password. Sharma told Instagram and Facebook about the vulnerability, and following verification, the social media platform rewarded him with Rs. 38 lakh.
Sharing details about the bug, he said, “There was a bug on Facebook’s Instagram, through which the reel thumbnail could have been changed from any account. All it took was the media ID of the account to change it, regardless of the strength of the account password.” “He started finding this bug in his Instagram account in December last year and almost a month later, on January 31, he discovered the bug. After that, he reported the Instagram bug to Facebook on Instagram and received a response from them after three days in which they asked him to share a demo,” he added.
By modifying the thumbnail, Sharma proved the vulnerability in 5 minutes. On May 11, the social media site endorsed his complaint and gave him a letter. The letter stated that he had been awarded a $45,000 (about $38 million) bug bounty for reporting the Instagram bug. Not only that, but Facebook also gave away $4500 (about Rs. 3 lakh) in bonuses due to the four-month wait in awarding the incentive.
Know about Meta Bug Bounty Program
Meta has a live Meta Bug Bounty program for people to uncover bugs and vulnerabilities in the platform to enhance the user experience. External programmers and researchers are also rewarded for finding security flaws in meta technologies and applications.