Hi, this is Sydney Ricafort again with another write-up. Today, I’ll share how I accidentally found a bug that earned me $3,000.
Story Time
I was working as a full-time developer, and it was a regular Tuesday. During a code review meeting with my colleagues, I suddenly received a notification on my computer. Someone had commented on a reel I shared an hour ago.
The strange part? The person who commented wasn’t on my friends list. Right away, I had a feeling this was a bug because I knew that I did not set my default audience privacy as “Public”. I asked my colleagues for a quick break to check something, then jumped onto my personal computer to investigate. And boom! My suspicion was correct — the post I shared had been made public, even though I was sure I had set the privacy to Friends or Only Me.
To confirm, I tested the bug using different accounts and devices. Once I verified that the issue was real, I immediately reported it to Meta with the following reproduction steps:
Steps to Reproduce the Bug:
1. Open Facebook Lite.
2. Share any reel.
3. Change the privacy setting to “Only Me.”
4. Click “Share.”
5. Notice that after sharing, the privacy automatically changes to “Public” instead of staying as “Only Me.”
Since I was part of the workplace, I had access to Meta’s security engineers. I pinged one of them about my new report, as this was a serious privacy concern if left unfixed.
Two days later, Meta triaged my report, and in less than 24 hours, the issue was fixed. After nearly two weeks of waiting, they rewarded me with a generous $3,000 bounty.
Takeaway: Sometimes, finding bugs doesn’t require tools — just keen observation and critical thinking. 😉