Indian hacker wins Rs 22 lakh from Facebook for highlighting Instagram bug

Solapur-based Mayur Fartade, who possess skills like C++, Python, was able to spot the bug that allowed hackers to view targeted media on Instagram.

Facebook has awarded Rs 22 lakh to an Indian hacker for discovering malicious bugs on the Instagram app. The bug that was discovered allowed anyone to view archived posts, Stories, Reels and IGTV without following the user, even when the profile is private. Although Facebook had now addressed the issue, the bug if remained untouched would have let hackers gain illegal access to the private pictures, videos of users without following them. Solapur-based Mayur Fartade, who possess skills like C++, Python, was able to spot the bug that allowed hackers to view targeted media on Instagram. The bug could have exposed a user's private photos including private/archived posts, stories, reels, IGTV without following the user using Media ID. He explained in a detailed post on Medium that the attacker could also store photos, videos and details about specific media by brute-forcing Media ID’s. “Data of users can be read improperly. An attacker could be able to regenerate valid cdn url of archived stories & posts. Also by brute-forcing Media ID’s, an attacker could be able to store the details about specific media and later filter which are private and archived,” he said in the blog post.