Facebook’s bug bounty program has paid big dividends over the years, as the company rewards private researchers for uncovering flaws in its own system. And this week, a pretty major one came to light. According to reports, Facebook awarded $30,000 to a security researcher for uncovering vulnerabilities in Instagram’s privacy features.
The vulnerability would’ve allowed hackers to view private content without following a user’s account. It also would’ve allowed them to extract the addresses of Facebook pages linked to an Instagram account.
“This bug could have allowed a malicious user to view targeted media on Instagram. An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID,” bug bounty hunter Mayur Fartade wrote in a blog post. “Data of users can be read improperly… an attacker could store the details about specific media and later filter which are private and archived.”
The fact that Facebook awarded Fartade $30,000 speaks to how serious this issue could’ve been. Of course, it would be nice if a company with the resources of Facebook could adequately take care of its own problems without needing to rely on outside help. But at least there are enough researchers out there willing to dedicate themselves to protecting users.