10th October 2020, Kathmandu
Prava Basnet, Nepali bug bounty hunter has been awarded $3,000 after discovering bugs on Facebook. The bugs (security vulnerability) were related to Facebook and Instagram.
In fact, she discovered 2 bugs on the platform.
Let’s first get to know what these bugs were.
One of the bugs that she reported was the photo uploaded to Instagram’s story was also shared on Facebook. The social media giant has fixed this bug and awarded Prava with a thousand dollar bug bounty.
Basically, this flaw would share an Instagram story to Facebook without the user’s consent.
Another bug was related to the linked accounts on Facebook and Instagram.
“In some cases, it was still possible to log in to Instagram with a linked Facebook account even if the linked accounts feature was switched off.” – Message from Facebook.
For reporting this bug, Facebook has awarded Prava with a bug bounty of $2,000.
Normally, Facebook awards a bug bounty of less than $500 but since these bugs were serious threats to security. Prava says that when a hacker gets access to a Facebook account, s/he can easily hack Instagram automatically.
With this, she is on her path to becoming the first female bug bounty hunter to be listed on the Facebook White Hat Thanks page.
Recently, Facebook had awarded Saugat Pokharel with a $6,000 bug bounty. Read more of that here.
Saugat Pokharel has revealed via Facebook post that Prava was inspired by him. Have a look: