Meta rewards Jaipur's Neeraj Sharma with ₹38 lakh for reporting a critical bug on Instagram

Jaipur's Neeraj Sharma reported a severe loophole in the functioning of Instagram and got rewarded with a sum of ₹38 lakh from Meta. Due to this critical bug, anybody could change the thumbnail of the reels of another person, without entering the login details of that user.

Instagram currently has more than two billion active users, operating the social media platform through various devices. These accounts consist of sensitive personal information of the users such as birthdate, contact details, residential information and even biometrics. And this bug, could have risked it all!

As per the reports, the bug allowed any person to change the thumbnail of the reel posted by any random person on Instagram even without knowing the user password. All it required was the media ID of the account.

Neeraj accidentally came across this fault back in December 2021 after which he investigated the actual source of the bug. After identifying the issue in depth, he reported the bug to Meta (Facebook) and shared a 5-minute demo demonstrating the bug.

Meta investigated the matter and verified the genuineness of the fault in Instagram. Acknowledging Neeraj's efforts, Meta mailed him regarding the approval of the bug report which also stated that he has been awarded $45,000 (translates to ₹35 lakh) back in May. Later, an additional sum of $4,500 (translates to about ₹3.6) was also given to him for delaying his reward by four months.

Neeraj was rewarded under Meta's special reward programme known as the Meta Bug Bounty Programme. This initiative is run by Meta Platform, Inc. to encourage and reward programmers, software technicians and even users for reporting security threats or vulnerabilities in their products.