18-Year-Old Nepali Student Discovers Instagram Flaw Allowing Free Blue Tick Renewal
Poush 23, 2082 17:10
Kathmandu: An 18-year-old Nepali student, Rubin Bastakoti, has discovered a security flaw in Instagram’s “Meta Verified” system that allowed users to renew their blue ticks indefinitely without paying the subscription fee more than once.
Due to a technical error in the mobile app version of Instagram, eligible users could continue using the Meta Verified service for free after paying a minimal one-time fee. Meta, the parent company of Instagram and Facebook, confirmed the bug and awarded Rubin $1,575 (approximately Rs 225,000) through its Bug Bounty program.
“Any eligible user could extend the Meta Verified service indefinitely after paying about $0.39 under the first-time offer,” Rubin said. “It was a bug that bypassed the verification payment. Users who discovered the flaw could keep the verified mark without additional charges.”
The flaw occurred when users who had already subscribed to Meta Verified canceled the subscription before the first month ended. Instagram would send a “renew subscription” notification, and clicking it automatically renewed the service for another 30 days at no extra cost. By repeating this loop every month, users could maintain the blue tick indefinitely, which posed a direct threat to Meta’s revenue.
Rubin explained, “I reported this flaw to Meta because it could cause significant financial loss and widespread abuse. There was also a risk that the value of the verification mark could be undermined if exploited.”
He created a proof-of-concept video demonstrating the flaw and sent it to Meta’s security team. After reviewing the report, Meta promptly fixed the issue and rewarded Rubin through its Bug Bounty program.
Last updated: Jestha 22, 2083 17:8
