The 20-year-old ethical hacker, who found a similar bug in Facebook just two months back and won a bounty of $7500, says that both companies had a remote code execution (RCE) bug, which she says is relatively new and is currently not being paid much attention to.
- Aditi Singh, a 20-year-old ethical hacker from Delhi, has won a reward of $30,000 for spotting a bug in Microsoft’s Azure cloud system.
- Two months back Aditi found a similar bug in Facebook and won a bounty of $7500.
- Aditi is a self-taught bounty hunter and notes that there are plenty of resources available on Twitter, Google and HackerOne for aspiring bounty hunters.
Aditi Singh, a 20-year-old ethical hacker from Delhi, has won a reward of $30,000 (approximately Rs 22 lakh) for spotting a bug in Microsoft’s Azure cloud system. Aditi, who found a similar bug in Facebook just two months back and won a bounty of $7500 (approximately over Rs 5.5 lakh), says that both companies had a remote code execution (RCE) bug, which is relatively new and is currently not being paid much attention to. Through such bugs, hackers can get access to internal systems and the information they hold. Aditi notes that spotting bugs is not easy and that ethical hackers have to stay on top of their game with new bugs, so that they can report them and still be eligible for their payouts. She also emphasises, however, gaining knowledge and learning about ethical hacking first, rather than focussing on just making money.
“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” says Aditi, who was the first one to spot the RCE bug and said that the tech giant took two months to respond as they were checking if anybody had downloaded its insecure version. Aditi suggests that before even starting to look for a bug, people should ask the support team of that company if they are hosting a bounty program, and if the company confirms such a program, bounty hunters should go ahead.
Bug bounty hunters are mostly certified cybersecurity professionals or security researchers who crawl the web and scan systems for bugs or flaws through which hackers can sneak in, and then alert the companies. If they are successful, they are rewarded with cash.