Indians are leading the world as big hunters on Facebook

NEW DELHI: The country hosting the largest Facebook user base, India, is also the country where cyber security researchers receive the largest amount of payments from the social media behemoth for discovering data breaches and vulnerabilities. of points.

According to Facebook, in 2018 the company provided over $ 1.1 million to security researchers from more than 100 countries, raising their total payment to over $ 7.5 million. The repayment program, known as a generous bug program, was launched by Facebook in 2011. The first three countries based on the sum of payments were India, the US and Croatia.

He was an Indian security expert who played a critical role in the latest data breach in the social media company, though he did not report his discovery in the "bounty bug" program.

US electronic publisher Tech Crunch reported Wednesday the discovery of hundreds of millions of phone numbers linked to Facebook accounts through an exposed server containing more than 419 million files in various databases for users in various markets. Tech Crunch was interrupted by Sanyam Jain, an Indian security researcher from Udaipur and a member of The Hague-based non-profit GDI.

Dan Gurfinkel, head of security engineering for Facebook, said that since the company launched its bugs program, where it collaborates with security researchers from around the world, India has been among the top countries in generational payments. and the quality of the bug reports. "We especially appreciate the Bugy Bugs community from India that is constantly working with us to help people use our platforms safely," he added.

Gautam Kumawat, who trains state police in social media and cybercrime and is awarded on the Facebook program, said India's missing bug community has grown in line with the platform's popularity here.


Last month, Chennai's Indian security researcher Laxman Muthiyah from Chennai received $ 30,000 from Facebook for detecting a major security flaw and demonstrating how many Instagram accounts could be hacked in minutes. Earn $ 10,000 again this month for hunting for a bug on the same platform. Muthiyah posted the findings on his blog The Zero Hack via a July 29 post titled "How I Could Have Lost Any Instagram Account".

Saket Modi, CEO and co-founder of Lucideus, says his company is a top contributor to cyber vulnerability. He said Lucideus is discovering many of the findings gathered by the National Vulnerability Database (NVD), the largest cyber vulnerability database worldwide, and that the company has reported about 30 vulnerabilities to various social media companies over the past two years.

In response to Jain's recent breach, Facebook said the dataset is outdated and appeared to have acquired information before making changes last year to remove people's ability to find others using phone numbers. But worries have grown since Jain's discovery.

"If we take Facebook's comments at face value, we're glad they can't do it now. But before they make changes, through an automated removal methodology, a person / script could download the phone numbers and even some The gender and location of 419 million people doesn't speak much about Facebook, saying today it doesn't exist, but it has been over a decade, before last year, what was happening, "Modi's Lucideus said.

In response to ET's queries, Facebook did not specify whether the Indian users had been affected. "The data set has been removed and we do not see any data undermining the Facebook accounts. The underlying issue was dealt with as part of a news release on April 4, 2018 by Facebook's head of technology," said a Facebook spokesman.