A young hacker here in Kollam has received a Rs 10.70 lakh ($16,000) bounty after finding a vulnerability in Facebook code. Facebook began the bug bounty programme in 2011, under which people who notify flaws on its website are given a reward.
Arun S Kumar, a 20-year-old computer engineering student at the MES Institute of Technology and Management in Chathannoor, exposed a critical vulnerability in Facebook Business Manager which would allow a hacker to take control over the Facebook page in less than 10 seconds.
“Since the hacker would be able to manipulate the page of any Facebook user, the damage it would bring is beyond imagination,” said Arun while speaking to TOI.
He detected the bug on August 29 and reported it to the Facebook security team. One of them wrote back to him the very next day saying how his discovery helped them prevent a massive security breach. The team fixed the bug by September 6 and after three days Arun got a mail from them informing him of their decision to reward him.
Arun has a history of bug hunting. He had spotted many bugs in Google and Facebook in the past. Facebook had paid out a Rs 7 lakh bounty to him in April for finding a vulnerability. The young techie has received about Rs 30.85 lakh ($46,000) in payouts for hunting down bugs in the past three years.
Facebook had invited him in August this year along with three other hackers from different countries for a meeting with its security members at Las Vegas.
He was also awarded the tenth place in the Facebook’s hall of fame of the white hat hackers. He is the only Indian to be honoured in the website’s hall of fame.
A native of Mundakkal here at Kollam, Arun is a year away from completing his degree. He said he wished to use the prize money to fund his higher education abroad. His father, P S Sureshkumar, is a clerk with the state government and mother, Nagalakshmi K, a housewife.