If you think only your friends and family are privy to your private moments on Facebook, think again. A Bangalore-based techie has just reported a bug to Facebook which, if left unfixed, could’ve compromised the security of millions of Facebook accounts.
The techie in question is Anand Prakash, who works as a security engineer at Flipkart. When Prakash found the bug, he promptly reported it to Facebook.
“This [the vulnerability] gave me full access to another user’s account by setting a new password. I was able to view messages, his credit/debit cards stored under payment section, personal photos etc.”, Prakash says on his blog.
After investigating, Facebook found the bug to be severe and decided to reward Prakash with a generous bounty of $15,000 or approximately Rs. 10 lakh.
Interestingly, this is not Anand Prakash’s first reward for reporting a bug. He’s earned over a crore from reporting bugs to various companies over the last few years.
The practice of hackers proactively going through websites and spotting vulnerabilities for rewards is not uncommon. Websites, too, encourage ethical hackers to find loopholes in their systems and report vulnerabilities. Microsoft famously launched a “$100K bug bounty program” in 2013. In fact, the same year, another Indian engineer reported a critical bug, also to Facebook, and earned a $12,000 bounty. Facebook’s reward of $15,000 may sound generous even by industry standards, but considering that the company is worth over $190 billion and is built on the trust of millions of people, the reward sounds worth the risk averted.