Indian Security Researcher received $55,000 under bug bounty program by Facebook

A security researcher Amol Baikar form Pune, India has received an award of $55,000 for finding a bug in Facebook’s OAuth framework that can allow attackers to hijack and takeover user accounts.

In December 2019, he reported a flaw in Facebook’s “Login with Facebook” feature which follows OAuth 2.0 protocol to exchange the tokens between facebook.com and third-party website/s.

Amol also posted a Proof of Concept where he added information about exploiting the vulnerability which could be 9-10 years old.

After reporting the vulnerability, Facebook quickly issued a fix for this critical finding and awarded Amol a huge sum of $55,000 (which is the highest ever awarded by Facebook for finding a client-side account takeover bug.