
Facebook awards Rs 22 lakh bounty to Indian hacker who spotted malicious Instagram bug

The bug, pointed out to Facebook by Solapur-based bug bounty hunter Mayur Fartade, allows people to access archived posts, Stories, Reels and IGTV.


Thanks to Mayur Fartade, who spotted the bug, Facebook has now resolved the issue that allowed hackers to see targeted media on Instagram. Fartade may have saved many from illegal intrusion into their private photos and videos on the social media platform.

Fartade, skilled in C++ and Python, explained the bug in a Medium post. According to him, attackers could access private/archived posts, reels, stories and IGTV “without following the user using Media ID.”

Furthermore, by brute-forcing Media IDs, intruders could also store these photos, videos and details about specific media.

Fartade’s blog said, “Data of users can be read improperly. An attacker could be able to regenerate valid cdn url of archived stories & posts. Also by brute-forcing Media ID’s, an attacker could be able to store the details about specific media and later filter which are private and archived.”

This information could also be leveraged to intrude into Facebook pages linked to a person’s Instagram account.

The bug was reported on April 16 via the Facebook bug bounty program. Facebook replied to Fartade after three days, requesting further information about the bug. The issue was resolved on June 15. The social media giant then thanked the hacker for his good work with a Rs 22 lakh reward on April 29.

In a letter to Fartade, Facebook thanked the young techie for his support: “After reviewing this issue, we have decided to award you a bounty of $30000. Below is an explanation of the bounty amount. Facebook fulfils its bounty awards through Bugcrowd and HackerOne. Your report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed this issue. Thank you again for your report. We look forward to receiving more reports from you in the future!”

Mayur Fartade, a computer science engineering student, pursues bug bounty hunting as a part-time gig on his way to becoming a software developer.
