Instagram has given a reward of $6,000, bug reward to a 21 year old Nepali after the user discovered that the deleted photo and message from Instagram also remained in the company's server.
The company has given a prize money to Nepali Saugat Pokharel, a cyber security researcher, for discovering this security vulnerability. Pokhrel, using his data download tool on Instagram, looked at his details and found that the photo and message he had deleted long ago was also on Instagram's server.
It is considered normal for users to stay on companies' servers for a few days after deleting photos and messages. Instagram also says that it takes 90 days for a user to delete photos and messages from their server.
However, Pokhrel informed the company last October after finding out that the data he had deleted a year ago was still on Instagram's servers. Twitter, Instagram and Facebook have given their users access to data download tools to let them know what data is on the company's servers.
Pokhrel, who is studying BSc in Physics at Amrit Science Campus, said the company paid him $6,000 for finding security vulnerabilities. "I found out about the security breach last October and reported it," Pokhrel told Kantipur. "I received the prize money on February 7."
Pokharel said the fact was made public late as there was a condition that it should not be made public until security vulnerabilities were resolved. Pokhrel informed technology news website TechCrunch after Instagram reported that security vulnerabilities had been addressed and that the vulnerabilities he had discovered could now be made public.
After TechCrunch published this news on Friday, other international media related to technology have also written news about the security vulnerabilities discovered by Pokhrel.
Pokhrel pointed out the security vulnerability last October through Instagram's Bug Bounty program. The company solved this problem a few weeks ago. "Despite such security vulnerabilities, it has not been abused so far", TechCrunch quoted an Instagram spokesperson as saying.
A similar security vulnerability on Twitter was discovered last year. Last year, Twitter solved the problem of having a direct message on the company's server even after deleting it and closing the account.
📣 TECHNEPNEWS is now on Instagram. Click here to follow us (@technepnews) and stay updated with the latest headlines.
Posts
0 Comments
Please donot enter any spam link in the comment box.