Tech companies occasionally reward those who find vulnerabilities. Instagram is just one of these companies. High school students Arda Kılıç and Mert Ergün, who discovered a flaw on Instagram and shared it with the company, were surprised when they saw that Instagram gave $ 5 as a reward.
Social mediaThe two high school students who found an advertisement deficit on the platform Instagram realized that they could apply the sponsored ads as they wanted without any card information or approval. They learned that they will be rewarded with $ 5 when they posted this vulnerability to Instagram. The students, who found the application’s vulnerability many times before, said that one zero was removed from the amount of the prize each time.
Arda Kılıç and Mert Ergün, who live in Istanbul, noticed a gap while visiting Instagram to advertise their mobile apps. They realized that the Sponsored ads on Instagram were able to advertise as much as they wanted without entering any card information and approving any contract. Thereupon, the response from the social media platform to the students who sent an information mail to Instagram was an answer stating that they will be rewarded with $ 5. Before that, students who found 2 different openings were told that they will receive 750 dollars from Instagram in the first open and 50 dollars in the second open.
“Instagram could suffer if malicious companies found the vulnerability”
Arda Kılıç, who explained the deficit they found on the social media platform and stated that he gave feedback to prevent malicious people from falling into the hands, said, “With the open we found on Instagram with my friend, the Sponsored ads on Instagram are open-ended without entering any card information and approving any contract. We realized that we could advertise in the amounts we wanted. We came across this reveal with my friend while advertising our mobile application on Instagram as usual. If such a vulnerability had been captured by malicious companies or individuals, they would have been able to exploit this vulnerability by advertising in the amounts they wanted to themselves or their institutions. In other words, they could put their institutions and their own advertisements in great damage on Instagram without paying any fee to Instagram ”.
“A ‘0’ was deleted from the
prize in every vulnerability we found. ” Stating that the prize was offered to them by decreasing the amount of the prize they found, Mert Ergün said, “When we realized this gap, we reported it directly to Instagram with my friend and they said that they would reward us with 5 dollars, including explaining the gap in more detail. We have explained the vulnerability in detail so that the vulnerability does not fall into the hands of malicious people and is not noticed. In the first deficit, we were offered a reward of $ 750. Who offered us a funny figure like $ 50 for the next different deficit we foundInstagramThis time, he offered us a reward of $ 5 for the deficit we found. I guess they will continue by deleting a 0 from the end of the prize offer of the previous vulnerability we found in each vulnerability we find. “We do not do this for money, but the awards that a giant platform like Instagram gives us such big deficits just make us laugh.”