Chennai techie gets Rs 20 lakh from Facebook for finding a bug

New Delhi : Laxman Muthiyah, a Chennai-based techie, has been awarded with Rs 20 lakh as a part of a bug bounty programme after he spotted a flaw in Facebook-owned photo-sharing app Instagram.

He said that the vulnerability allowed him to hack any Instagram account without consent permission.

Mr. Muthiyah claimed that he was able to take over someone's Instagram account by resetting the password or quickly trying out possible recovery codes against the account.

“I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible,” Muthiyah wrote in a blog post this week.

The Facebook and security teams have now fixed the issue and awarded the techie with $30,000 as a part of their bounty programme, he added.

Paul Ducklin, Senior Technologist at cyber security major Sophos, however, warned while the vulnerability found by Muthiyah no longer existed, users should familiarise themselves with the process of getting back control of their social media accounts, in case they get hacked.

“In case any of your accounts do get taken over, familiarise yourself with the process you’d follow to win them back. In particular, if there are documents or usage history that might help your case, get them ready before you get hacked, not afterwards,” Ducklin said in a statement.