How This Indian Bug-Bounty Hunter Hacked 1.6 Billion Facebook Accounts In exchange for not misusing the exploit and directly reporting it to Facebook, Zuckerberg's team rewarded him 10.5 lac rupees!

By Rustam Singh

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

NuOilSuwannar / Shutterstock

Bug Bounty Hunting – the profession of ethical or "White hat" hackers who intentionally hack into servers and companies websites with the hope to find an exploit are finally receiving the popularity they deserve. One such bounty Hunter famous bug bounty hunter is Bangalore based Anand Prakash who managed to track a bug on that gained him unfiltered complete access to every Facebook user, or almost 1 billion profiles. Fortunately for Mark Zuckerberg, instead of going rougue and exploiting the bug to cause havoc, steal private images, conversations, credit card details and harass/blackmail anyone, he immediately reported the bug to Facebook's bug reporting team. In exchange for his work, Facebook instantly rewarded him US$ 15,000 or more than 10 lac rupees!

The bug

The vulnerability was relatively easy to exploit but had a massive impact. Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/ email address on

Facebook then sends a 6 digit code on the user's phone number/email address which user has to enter in order to set a new password. To prevent brute force attacks (where a computer keeps trying every logical combination of numbers on the login page till eventually reaching the correct password), Facebook has limited 10-12 attempts per account before waiting. Exploiting this, Anand gained access to any account on Facebook.

The exploit

Brute force protection was valid only on the main homepage, However a alternate URL, and did not have the same protection. Exploiting this, he brute forced his way to gain access to any account at all by resetting their password. The newly set password could be used to login any account.


Facebook reacted immediately and fixed the bug within few hours. Just one week later, Anand received the confirmation and in light of the extremely crucial exploit, decided to reward him the bounty.

Anand has previously exposed several bugs in popular websites, including hacking 62.5 million Zomato users as well as deleting any note from any user's account for which he was awarded 2500US$ and forced unstoppable spamming of posting on behalf of any of your friends. He was awarded 12,500 US$ for exploiting this bug.

Anand Prakash (Image source:

As you can see ethical hacking is an extremely value able profession and businesses can gain a lot from voluntarily encouraging users to find out bugs before unethical hackers find the same bug. They can save millions in data loss apart from losing the trust of millions of users. Entrepreneurs, start-ups and businesses should be encouraged to reward generously to bug bounty hunters. Does your start-up have a bug reporting reward system? Let us know in the comments on our official Facebook page, Entrepreneur India

Rustam Singh


Tech reporter.

Contact me if you have a truly unique technology related startup looking for a review and coverage, especially a crowd-funded project looking to launch and coverage.

Related Topics


International Security Firm Welcomes Female India Native to an Essential Leadership Position

Yasmin Brar has been appointed as the Operations Strategy Director, a role that underscores the company's commitment to innovation, expansion, and strategic management

Business News

Lululemon Founder Bashes Company's 'Diversity and Inclusion', Calls Models 'Not Inspirational': 'You're Not Everything to Everybody'

Chip Wilson left the company in 2015 after controversial comments forced him to step down as CEO in 2013.

Business Ideas

55 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Here Are 3 Strategies Startup Founders Can Use to Approach High-Impact Disputes

The $7 billion "buy now, pay later" startup Klarna recently faced a public board spat. Here are three strategies to approach conflict within a business.