Arul Kumar, an 21 year old engineering student from Salem, Tamil Nadu will get a reward of Rs 8 lakhs for discovering a bug on Facebook. The bug allowed users to remove pictures from accounts without the owners knowledge.
Arul graduated from the Hindustan Institute of Technology in Coimbatore in June has been awarded under Facebook’s bug bounty program that gives incentives to those who find flaws on the networking site. Arul told the Hindu that he likes to test the security features of popular sites like Google and Facebook for bugs. During one of his sessions he found a bug on Facebook that allows users to delete pictures from another accounts.
Arul explained that a picture on Facebook could be removed in two ways- either the account owner removes it or somebody else who has a problem with it uses the dashboard to request the Facebook team to remove it.
He added, “But Facebook also has an option that asks the user who uploaded the picture to remove it. When I tested the feature, it turned out the request to remove the picture was sent to the person who wanted it removed, and not to the one who uploaded it — that was the bug.”
Initially, Facebook rejected his claim, stating that they were unable to find the bug. However Arul sent a detailed report along with a video of the malfunction to Facebook and now the site has accepted that the bug exists and has rectified it. Recently, Arul received a response from Facebook stating that his video was helpful, and he will be awarded $12,500 (Rs. 8.2 lakhs approx.) for finding the bug.
Source: The Hindu
- Salem youth gets a reward of Rs. 8 lakh from Facebook (thehindu.com)
- Security Researcher Arul Kumar Finds A Facebook Bug That Allowed Deleting Any Photo Off Facebook. Receives $12500 Bounty (lighthouseinsights.in)