An Indian Cyber Security Researcher Earns 15 Lakhs Bug Bounty From Facebook
A cross-site scripting (XSS) vulnerability that affected the ‘Login with Facebook’ button has earned a security researcher 15 lakhs. An Indian cyber security researcher named Vinoth Kumar discovered a DOM-based XSS vulnerability in the technology that gives third-party websites the option to authenticate visitors through the Facebook platform. The security issue arose because of a flawed implementation of the postMessage API. Kumar described the technology as an underexplored avenue for security bug hunters, hence his decision to look into Facebook’s implementation. The researcher reported the issue to Facebook on April 17, three days before the social network resolved the security bug. Facebook paid out a 15 lakhs bug bounty for Kumar’s find on May 1.