Home» News» Saugat Pokharel, An Independent Security Researcher from Nepal, Awarded $6000 Bug Bounty by Instagram

Saugat Pokharel, An Independent Security Researcher from Nepal, Awarded $6000 Bug Bounty by Instagram

Saugat Pokharel, a cybersecurity researcher from Nepal was awarded a $6,000 bug bounty by Instagram.

He found out that the photos and private direct messages of users were retained by Instagram servers even after deleting them.

Saugat Pokhrel

To comply with European data rules, Instagram had added a feature that lets users download their data i.e images and direct messages.

Saugat Pokharel who’s an independent security researcher downloaded his data from Instagram but he was sent deleted data as well. This showed that the data were never completely cleaned up from Instagram servers.

Instagram says this was due to a bug in its system which is now fixed and Saugat Pokharel has been awarded a $6,000 bug bounty for highlighting the bug.

A spokesperson for Instagram told TechCrunch: “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”

As per the reports of TechCrunch, Saugat Pokharel discovered the bug in October last year but it was only fixed earlier this month.

Normally, even if we delete data from the cloud servers of any application it takes some time to totally delete the data. Usually, some applications like Google Drive save the deleted items for some time in the trash folder.

According to TechCrunch, Instagram said it takes about 90 days for deleted data to be fully removed from its systems.

However, Saugat Pokharel was able to download his data which was deleted more than a year ago.

“Instagram didn’t delete my data even when I deleted them from my end.” he told TechCrunch.

There has been no report from Instagram saying if this issue affected all the Instagram users. It’s an identical issue that Twitter fixed last year.

Twitter users were able to access deleted direct messages including messages sent to and from suspended/ deactivated accounts using Twitter’s own data download tool.

READ NEXT: ePharmacy: The Story Behind Nepal’s Next Pioneers in Digital Healthcare Solution

Leave a Reply

Your email address will not be published. Required fields are marked *

The Latest
Bajaj EMI Offer