This story is from March 08, 2016
Bengaluru hacker finds Facebook bug, awarded Rs 10 lakh
NEW DELHI: Bengaluru-based hacker Anand Prakash has been awarded $15,000 (approximately Rs 10 lakh) for finding a bug in Facebook’s login system. The bug, if exploited, could let hackers access a user’s messages, photos and even debit/credit card details stored in the payments section, among others.
In a blog post, Prakash -- who also works as a security analyst at Flipkart -- said Facebook acknowledged the issue promptly and fixed it.
Prakash sent the bug report to the Facebook security team on February 22 and received a mail about the reward on March 2.
On his blog, Prakash wrote:
Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address on https://www.facebook.com/login/identify?ctx=recover&lwv=110, Facebook will then send a 6 digit code on his phone number/email address which user has to enter in order to set a new password. I tried to brute the 6 digit code on www.facebook.com and was blocked after 10-12 invalid attempts. Then I looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com and interestingly (the) rate limiting was missing on forgot password endpoints. I tried to take over my account (as per Facebook's policy you should not do any harm on any other user's account) and was successful in setting new password for my account. I could then use the same password to login in the account.
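The flaw described in the post is an attempt limit enforced by one front end but missing on others that reach the same reset logic. As an added example (not code from Prakash's blog or from Facebook), this Python code keeps the failure counter with the reset code itself, so every hostname shares one lockout; `ResetCodeStore`, `MAX_ATTEMPTS`, `CODE_TTL`, the account name and the host labels are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 10    # assumed limit; the post reports a block after 10-12 tries on www
CODE_TTL = 15 * 60   # assumed lifetime of a reset code, in seconds


class ResetCodeStore:
    """Reset codes and their failure counters, shared by every front end."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}  # account -> {"code", "failures", "expires"}

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self._records[account] = {"code": code, "failures": 0,
                                  "expires": self._clock() + CODE_TTL}
        return code  # delivered out of band (SMS or e-mail)

    def verify(self, account, guess):
        rec = self._records.get(account)
        if rec is None or self._clock() > rec["expires"]:
            self._records.pop(account, None)
            return "expired"
        if rec["failures"] >= MAX_ATTEMPTS:
            return "locked"  # code is burned; the user must request a new one
        if hmac.compare_digest(rec["code"].encode(), guess.encode()):
            del self._records[account]  # single use
            return "ok"
        rec["failures"] += 1
        return "invalid"


def handle_reset(store, host, account, guess):
    """Every hostname calls the same verify(); host is not part of the decision."""
    return store.verify(account, guess)


def simulate(hosts, wrong_guesses):
    """Constructed demo: rotate wrong guesses across hosts, then send the real code."""
    store = ResetCodeStore()
    code = store.issue("alice")
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    results = [handle_reset(store, hosts[i % len(hosts)], "alice", wrong)
               for i in range(wrong_guesses)]
    return results, handle_reset(store, hosts[0], "alice", code)
```

With ten guesses allowed per issued six-digit code, a guesser's chance of success is 10 in 1,000,000 per code, regardless of which front end receives the requests.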
Facebook, like many other technology giants, runs a bug bounty programme to encourage independent ethical hackers to try and crack its security code in order to identify vulnerabilities in the system. In 2015, the social media giant paid a total of $936,000 to 210 researchers for finding bugs.
Born in Bhadra, Rajasthan, Prakash went to Vellore Institute of Technology to pursue his B Tech in computer science engineering. According to a report by YourStory.com, Prakash has earned over Rs 1 crore so far by finding such bugs and has reported over 80 bugs to Facebook alone. In 2015, he was ranked No. 4 globally by Facebook for finding the most bugs on the social networking website. Major companies that have paid him for finding bugs in their code include Google, Twitter, Adobe, RedHat, SoundCloud, Nokia, PayPal and eBay, among others.
Prakash’s award of $15,000 was towards the high end of the payment spectrum as the average payout for identifying bugs in the system in 2015 was $1,780. Hackers from India, Egypt, and Trinidad & Tobago lead the bounty payout programme.