(Image source from: Indian engineer "bugs" a bounty})

A 21-year-old engineer has hit a fortune and how?

Arul Kumar has bagged a whopping $12,500 ( Rs 8,25,000 ) bounty from Facebook for reporting a critical bug that allowed anyone to delete any photo hosted on the website.

However, this isn't the first time that  Arul has bagged a Facebook bug bounty. Just a month back, he had  reported another critical bug for which he was stipulated $1500 prize. The budding engineer is yet to get his prize.

Quite interestingly, Arul is neither a software professional nor a technical whiz. In fact, he is a graduate in electronics and communications from Hindusthan Institute of Technology in Coimbatore.

"Earlier this year, I heard about the Facebook bug bounty programme through which the company rewards people find who flaws on the website. Then I came to know about some Indian hackers who hunt for bugs and are rewarded. I started looking for bugs and learned programming and networking through tutorials on the web. The bug that I found on Facebook doesn't require some technical wizardry. I found it because I keep an open eye when I use web services."

When Arul spotted the photo bug, he immediately reported to Facebook, who initially shot down his claim, before being convinced later.

"I messed around with this for the last 40 minutes but cannot delete any victim's photo. All I can do is if the victim clicks the link and chooses to remove the photo it will be removed, which is not a security (vulnerability) obviously," a member of Facebook security team wrote in an email.

While he has tasted some success, Arul says that he wants to learn more about programming and computer security practices. "I am just a beginner as far as ethical hacking and security research is concerned. In fact, I got my first laptop just in January," Arul concluded.

AW: Suchorita Dutta