Jaipur Student Reports Critical Instagram Bug, Wins Rs 38 Lakh as Part of Bug Bounty Program from Meta

Neeraj Sharma, a boy from Jaipur received approx Rs 38 lakh from Meta for reporting a bug in Instagra,


A boy from Jaipur named Neeraj Sharma has received a Rs 38 lakh reward from Zuckerberg-owned Meta for reporting a critical bug in Instagram. Sharma reported to Meta about a critical bug in Instagram Reels that allowed anyone to change the thumbnail (cover picture) irrespective of the choice of the video owner. This could have resulted in crores of accounts being hacked. Sharma reported this to Meta for which he was rewarded.

Neeraj Sharma, in December last year found something unusual with his account. He started digging deep the whole night and found out that there is a bug related to his Instagram account. Later, he found out that it is common on other accounts as well.

What’s the Instagram Bug that Neeraj Sharma Reported?

Apparently, we all either watch Instagram Reels or upload them through our accounts. If you have uploaded any reel, you might have seen the option of the cover picture which acts as a thumbnail of the video. Neeraj noticed that this thumbnail of the Instagram Reels could be changed from any other account just by using the Media ID of the account.

On January 31, Neeraj found out every detail after which he sent an email to Meta. The company officials replied to him within three days asking him to send a demo. Neeraj showed them changing the thumbnail in just five minutes. Meta officials noticed that the bug is real and rewarded him with an amount of $45,000 (about Rs 35 lakh). However, Meta took four months to release the bounty reward to which they offered him a compensation of another $4500 (about Rs 3 lakh) as a bonus.

Neeraj in his interview with IANS said, “There was a bug in Facebook’s Instagram, through which the thumbnail of the reel could have been changed from any account. All it required was the media ID of the account to change it no matter how strong the password of the account holder is.”

“In December last year, I started finding fault with my Instagram account. After a lot of hard work, on the morning of January 31, I came to know about the (bug) mistake on Instagram. After this, I sent a report to Facebook about this mistake on Instagram at night and received a reply from them after three days. It asked me to share a demo,” Sharma told in his interview.

If you ever found a bug in any of the Meta owned apps, then you can report the same to the company via email. Meta has been running a bug bounty program to take the help of users in protecting anyone’s account from hacking. The company rewards the user depending on how big the risk could be.