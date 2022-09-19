By CNBCTV18.com

Mini Neeraj Sharma, a 20-year-old security enthusiast, identified a bug in Facebook’s Instagram through which thumbnails of any user account could be changed by malicious actors without login and password.

Instagram has given a cash award of Rs 38 lakh to a student from Jaipur for saving social media accounts from getting hacked. Twenty-year-old Neeraj Sharma identified a bug in Facebook’s Instagram, through which thumbnails of any user account could be changed by malicious actors without login and password, IANS reported.

Sharma reported his findings to Instagram and Facebook. After investigations, the social media platform found the mistake to be authentic and rewarded him Rs 38 lakh.

The student first encountered faults with his Instagram account in December last year. On January 31, he was able to identify the bug on Instagram, following which Sharma sent a report to Facebook.

“All it required was the media ID of the account to change it no matter how strong the password of the account holder is,” Sharma said.

Three days later, he received a reply from Instagram asking him to share a demo.

Sharma, who identifies himself as a 20-year-old security enthusiast from India in the platform InfoSec Write-Ups, took five minutes to demonstrate the bug by changing the thumbnail.

Also read: Instagram tests new features to let users control what they see on the app

After reviewing the case, Instagram approved his report. Sharma received a mail from Facebook on May 11 in which he was informed that we would receive $45,000 (about Rs 35 lakh) as a reward.

“Your report highlighted a scenario where it is possible to change the thumbnail of a public reel. Thanks to your report we’ve made changes in our infrastructure to prevent similar bugs from occurring in the future,” Facebook said in the mail.

Also read: TikTok announces a new feature called TikTok Now that sounds a lot like BeReal

At the same time, the social media giant also gave Sharma $4,500 (about Rs 3 lakh) as bonus in lieu of the delay of four months in giving the reward, IANS reported.