Recently, a piece of shocking news broke the internet. An Indian researcher found out that Instagram has a bug that is carelessly authorizing access to users’ posts such as stories, archived posts, Reels, and IGTV. What is more shocking is even the private profiles are not safe. This comes as a shocker to many as privacy is at stake. Now the question is who did this? And how he did this? We will tell you all the details right here! This person is an ethical hacker from Solapur and his name is Mayur Fartade. He won a cash prize of Rs 22 lakh for finding and reporting an evil-intentioned bug on Instagram. The ethical hacker informed the video-sharing platform, Instagram of the malicious bug in the app. To all those who don’t know, Instagram is owned by Facebook.
Fartade has done a great job by saving millions of users whose photos and information could have been illegally accessed and shared for ill intentions. The social media giant fixed the notorious defect on 15th June. The bug could have given the freedom to hackers to access photos, videos, and information of users without actually following them. Fartade saved many people whose photos could have been used for illegal practices. Users’ privacy could have been reached. He saved Instagram and Facebook from all the insults. Mayur Fartade is studying Computer Science Engineering and has mastered the skills of C++ and Python. Fartade in order to save the users reported the bug on 16th April 2021. He took to Facebook through their Bug Bounty Programme and lodged the complaint. On 19th April 2021, Facebook responded to him.
They asked him all the details about the bug. Finally, he was awarded the whopping sum of RS. 22 lakh by the social media giant. The bounty hunters are asked to not tell anyone about the bug as hackers can take advantage of it As a result, the entire thing was kept a secret till the social media giant resolved the issue. Mayur Fartade shared his happiness on Twitter once the bug was resolved. Bug Bounty Programmes are mostly arranged by huge companies. Under this, the companies award the people who find and report a bug or defect on the website or other platforms. If anybody finds a bug or defect, they are expected to let the organization know. The organization then takes note of all the details from the researchers. Next, the organization investigates the entire thing and decides how grave the matter is.
If the bug is big, the prize money is enormous too! Thus, it won’t be wrong to say that the award money is decided based on the gravity of the defect. Facebook introduced its Bug Bounty Programme in 2001. Through this scheme, the social media platform gives external researchers are allowed to discover and report security and safety risks. The researchers can report potential threats and security vulnerabilities on Facebook. The scheme helps Facebook detect bugs faster and find a solution. It helps them protect their community. The rewards encourage high-quality research that ultimately helps the social media giant. Over 50 thousand researchers have taken part in this scheme since it came into force ten years back. Approximately 1500 researchers have been awarded under this program till now. Researchers from around the world are given the opportunity to report bugs.
Researchers from over 107 countries have been awarded till now. Many researchers have also officially joined the team of Facebook to save the integrity of the platform. When Facebook collects a report that turns out to be valid, they don’t look at it on the surface level only, rather they go deep into the details. This results in many minute problems related to the bug or defect which helps them find a solution quicker. Organizations can work proactively to improve user satisfaction by working on safety. They appreciate the role external researchers have played in maintaining the security and safety of Facebook users over the years. There have been many examples of reports that helped Facebook discover and fix important issues. Earlier this year, Facebook collected a couple of important reports.
The first one was from the new entrant of the program and the other from one researcher at Google’s Project Zero. They quickly started working on both the reports and found solutions. After finding the initial fix they also did a follow-up review. They used a blend of manual code review and automated detection to increase protections. No proof of exploitation was found in both cases. When their Bug Bounty Program started in 2001, they covered only Facebook’s web page. Today, it has grown immensely, and now it covers all the web and mobile clients across their group of apps such as Instagram, Facebook, Whatsapp, oculus, Workplace, etc. Facebook has now awarded approximately $1.98 Mn to researchers from across the globe. Many people have been awarded for reporting bugs on the social media giant.
$30000 bounty from Facebook
Write-up: https://t.co/teRY3dDqNY#facebook #bugbounty #Instagram #infosec pic.twitter.com/NGU8UjWzAp
— Mayur Fartade (@mayurfartade) June 15, 2021
In 2020, three countries lead the list of the bounties awarded by Facebook. India, Tunisia, and America are leading countries, Facebook confirmed. Selamet Hariyanto has been awarded the highest amount to date to find a bug. The amount was a whopping $80K. The continued work by Facebook and young researchers has contributed to keeping the Facebook community safe and secure. Over the last 10 years, many researchers have contributed immensely with the help of the Bug Bounty Program. Not only Facebook, but many other giants have also taken the help of external researchers to detect bugs and continue to do so. Sometimes, independent researchers come forward when they detect a bug even if there is no Bug Bounty Program in place. Anand Prakash, a cybersecurity researcher from India has fixed a hacking bug for Uber. He was paid a bounty of $6500. In other words, it won’t be wrong to say that such Bug bounty programs prove to be a win-win for big organizations as well as independent researchers.