A 20-year-old hacker from Kollam, India, has been awarded Rs. 10.70 lakh ($16,000, £12,270) for exposing a critical security vulnerability in Facebook's code that allows an attacker to hijack any page in less than 10 seconds.
Arun S Kumar, a computer engineering student with Kerala University's MES Institute of Technology and Management, discovered the flaw in the Facebook Business Manager on 29 August and reported it to Facebook, according to The Times of India.
In less than 24 hours, a member of the social network's security team replied to him, praising him for helping to prevent a huge security breach. Facebook fixed the flaw by 6 September and then contacted Kumar again to tell him that they had decided to award him a bug bounty.
This is not Kumar's first time spotting critical flaws – he has spotted multiple vulnerabilities over the last three years for both Facebook and Google, and has been paid a total of $46,000 in bug bounties.
In August, Kumar was invited by Facebook to travel to Las Vegas to meet with Facebook's security team, together with three other hackers from different countries. He was also inducted into Facebook's white hat hacker hall of fame. The list of inductees in 2016 so far numbers 130, and Kumar is ranked number 10 on the list.
Kumar has been saving the money he has earned from the various bug bounties in order to one day fund further education at a university abroad.