A Nepali Female in Facebook Bug Bounty has discovered a security bug in both Facebook and Instagram. Prava Basnet found a bug linking the Facebook account to Instagram in 2020. She is recently added a female bug bounty from Nepal. She has received a reward from Facebook for discovering bugs related to Facebook and Instagram.
How much Prava Basnet received a reward from the bug bounty platform?
Prava Basnet won the award for two different bugs. She is the first Nepali Female in Facebook Bug Bounty Program. She reports to Facebook after her photo upload to Instagram’s story gets shares on Facebook. Fixing this bug, the company has given a reward of $1000 to Prava Basnet. Similarly, Prava Basnet finds her Instagram account open from Facebook‘s details even when her Instagram and Facebook accounts were not in link. Facebook has solved that bug and given her a bug bounty amount of $2,000.
What issues did Prava Basnet find on Facebook and Instagram in her first Bug?
She has to submit the report to Facebook. After all, a picture leaks from the Facebook account without the wish of the user who posts the story on Instagram.
"I submitted the report after a photo was leaked on my Facebook account against the wishes of the user who posted the story on Instagram" Prava Basnet
In addition, it is impossible for me to log-in to Instagram with my Facebook password. However, Instagram login is possible from Facebook’s details. She reported this because hackers hacked Facebook and there was a risk of hacking Instagram automatically.
"I made it impossible for me to login to Instagram with my Facebook password. However, Instagram was being logged from Facebook's Details. I reported this because if hackers compromised Facebook account then there is a risk of hacking Instagram automatically". Prava Basnet
Prava Basnet’s identity in Bug Bounty Hunter Platform
Hackers compromise many Facebook user’s accounts. Hackers can get access to Instagram automatically by this bug when they compromise Facebook. Therefore, this is a serious issue.
Until a few days ago, when she did not see the participation of women in Bug Bounty, she was hiding in Bug Bounty hiding her real identity. On other hand, she is the first Nepali female to list her name on the Facebook White Hat Thanks page.
"I learned and interacted in some groups by hiding my real identity when there were no women," she said.
Prava’s Conclusion on female’s participation in Bug Bounty Programs:
She says Facebook has rewarded both of these bugs because they are serious about security. ‘Normal Bug Bounty rewards no more than $500. On top of that, giving rewards means that Facebook is important in terms of security. Earlier, Facebook has marked many of her bug reports as duplicates. In conclusion, her work is proof of good works.