Instagram is a competitive and leading social network to connect with family and friends with more than a billion users around the world.
An Indian techie name Mayur Fartade has been awarded Rs 22 lakh from Facebook for uncovering a malicious bug on the Instagram app.
Everyone well sure knows this feature of Instagram that it has a ‘privacy’ feature which doesn’t allow others to view your profile if they don’t follow you.
But on 16th April 2021, an Indian techie Mayur Fartade reported the bug to Facebook about Instagram which use to allow anyone to view and ingress anyone’s private Instagram account archived posts, Reels, Stories, and IGTV videos without following them.
Facebook had now inscribed the issue that if the bug wasn’t reported and taken action it would have let hackers gain direct access to the content of Instagram users without their consent.
About Mayur Fartade
Mayur Fartade is a resident of Solapur district under the state of Maharashtra. Fartade is a computer science engineering student and owns technical skills such as C++ and Python.
Mayur first reported the bug to Facebook on 16th April and Facebook responded to him on April 19th seeking more information about the bug and then resolved the error.
Facebook finally awarded Mayur on June 15th with Rs 22 lakh and thanked him for reporting such a serious bug that would have allowed a malicious user to view targeted media on Instagram and the attacker would know the specific media ID.
Facebook Thanked Mayur Fartade in Letter
“After reviewing the bug, we have decided to award you a bounty of $30,000. Facebook fulfills its bounty awards through Bugcrowd and HackerOne. Your report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed this issue. Thank you again for your report. We look forward to receiving more reports from you in the future!” Facebook wrote in a letter to Fartade.”
Saugat Pokharel from Nepal Awarded $6000 from Instagram Bug Bounty
Saugat Pokharel is an independent security researcher and once he came across a bug of Instagram that when he downloaded his data there were also some private messages and photos attached to it which he believes that he had deleted a year ago.
Every company has a duration to keep the data for a period of time like 30 days or 60 days after that company permanently destroys the data from its server and in the case of Saugat, the data was more than a year old.
Saugat then reported this bug to Instagram via the Bug Bounty program in October 2019. He reported this bug to TechCrunch and further TechCrunch informed the official company of Instagram.
Instagram revealed the reason that because of bugs, deleted images and messages of people were included in a copy of their information when they Download Your Information tool on Instagram.
The Instagram official thanked Saurabh Pokharel for reporting such a serious bug and that too on time and awarded him a $6000 payout.
At the current time technology industry really needs such brilliant minds like Mayur Fartade and Saurabh Pokharel to protect the data.