Did you know that Facebook paid out $880,000 in bug bounties in 2017? Well, I got my second bounty within a relatively short span of time.
The issue was reproduced by their security team with ease, and had a meaningful impact on users’ privacy. I hope this write-up inspires people not to overlook small issues while scrolling aimlessly through Facebook, and also while testing it.
"Securing a social media platform with a billion-plus users takes more than an InfoSec team. It takes an army of whitehat hackers who uncover cybersecurity vulnerabilities, document them, and then share that information with the company in exchange for a reward."
So, this started when I was on a small business trip to my hometown with my friend and brother, Avishek.
He had a good phone, and we took a few photos, which he sent me via Messenger.
I was using Facebook Lite.
One of my friends asked me for the pictures of our trip. I went to Avishek’s messages and clicked on one of the pictures of the suspension bridge to share.
It's safe to say I was staggered and embarrassed when all the photos from that message were forwarded to my friend.
We shared a good laugh, but deep inside, I was enjoying a more evil laugh, as I was excited that I had found a security issue on Facebook again!
I reported it to the Facebook Security Team immediately.
That was their response.
They managed to reproduce and fix the issue.
And on 16th April, they replied to me with this message:
With this write-up, I want to clarify that I wrote this not to brag about how much I earned or to show how cool I am. I just wanted to share my happiness with other people, and I really hope that this write-up helps people in finding issues on Facebook or any other platform that has a bug bounty program.
Thank you so much, everyone! We can befriend each other if you click on this LINK.
Thank you again for reading and Happy Hunting. :)