An Indian developer has found a serious security flaw on Instagram. He received a reward of $ 30,000 for it.

A security flaw has appeared on the Instagram social network that allowed anyone to view archived posts, stories, Reels and IGTV users with private profiles without having to follow them. The bug was discovered and reported by Indian developer Mayur Fartade, for which Facebook rewarded him with $ 30,000. The topic was reported by The Times of India.

The security flaw has already been removed from the Instagram social network

The developer described the problem in detail in his post on the Medium portal. This security flaw did not initially look so serious, because attackers had to know their identifiers to view archived Instagram posts. However, Fartade later found that this problem could be easily circumvented.

In investigating the entire issue, Facebook highlighted a scenario in which this error could be dangerous. Fortunately, the bug has already been fixed, and according to Fartad, the entire troubleshooting process took about two months.

Technology giants routinely pay independent developers to find bugs

Independent developers regularly help large technology companies detect bugs in their software. In March, Microsoft paid $ 50,000 to Indian researcher Laxman Muthiyah as part of its bug reporting program. He was able to detect a bug that could allow attackers to take control of other users’ Microsoft accounts. He found the same mistake on Instagram before.