Mining student Andres Alonso Bie Perez, just 14 years old, received a $ 25,000 prize from Facebook after helping to uncover a security breach on Instagram and reporting the issue to the security team at company.
Facebook, like many other companies, has a “bug bounty” program to reward and reward information about vulnerabilities in its services.
Andres, who heard about the opportunity by watching videos on YouTube, expected to receive a maximum of $ 1,000 for what he had found. “I was fine and I received the notification from Facebook and the amount. I didn’t expect such a high amount,” Andres told the Altieres Rohr blog.
“The researcher reported an issue that could allow malicious code to be sent through a Spark AR filter that could grant access to a person’s Instagram account via the platform’s web client. Thanks to the report, we fixed the flaw and we found no evidence of abuse, “the social network said on the blog.
The flaw was discovered because Andres wanted to create an application to replicate Instagram image filters that are only available on the computer. When he analyzed the method used to create these filters, he realized that the links could be manipulated to include any code on the Instagram page.
According to the company’s rule, websites cannot allow other people to control the code loaded on the page – which characterizes a vulnerability.
“I was making an application that needs to integrate with Instagram filters and I needed to know how it created the filter links. For that I had to study the application and saw that it had the possibility of being [uma falha]. I tested it and it worked “, explained the Brazilian to the blog.
Whoever decides the amount paid for the failures reported to these “bug bounty” programs is always the company. In the case of Facebook, the average payment is US $ 1,500 (about R $ 8,000).
These were the details of the news Reward: young man receives R $ 130 thousand after helping Facebook for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at time24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.