https://sputnikglobe.com/20181213/indian-engineer-bags-microsoft-bounty-1070652614.html

Young Indian Engineer Bags Microsoft Bug Bounty

Sputnik International

Sahad N.K. has received an undisclosed huge bounty from Microsoft for fixing a string of bugs in the company’s software and for reporting a deficiency that... 13.12.2018, Sputnik International

2018-12-13T12:40+0000

2023-02-10T09:03+0000

https://cdn1.img.sputnikglobe.com/img/105602/87/1056028771_0:0:1920:1080_1920x0_80_0_0_7edf5eb739df277e82cea1d4d8408dd3.jpg

kerala

Sputnik International

feedback@sputniknews.com

+74956456601

MIA „Rossiya Segodnya“

252

2018

Sputnik International

feedback@sputniknews.com

+74956456601

MIA „Rossiya Segodnya“

252

News

en_EN

Sputnik International

feedback@sputniknews.com

+74956456601

MIA „Rossiya Segodnya“

252

1920

1080

true

1920

1440

true

https://cdn1.img.sputnikglobe.com/img/105602/87/1056028771_0:0:1920:1440_1920x0_80_0_0_e9077677b4a00ea559be81729d6ad331.jpg

1920

true

Sputnik International

feedback@sputniknews.com

+74956456601

MIA „Rossiya Segodnya“

252

Sputnik International

newsfeed, kerala, microsoft

Young Indian Engineer Bags Microsoft Bug Bounty

12:40 GMT 13.12.2018 (Updated: 09:03 GMT 10.02.2023)

CC0 / / Microsoft

CC0 / /

Sahad N.K. has received an undisclosed huge bounty from Microsoft for fixing a string of bugs in the company’s software and for reporting a deficiency that could have been enough for a hacker to hack into anybody’s Microsoft account.

Safetydetective.com, the portal for which Sahad N.K. works, told Sputnik that they contacted Microsoft as soon as the vulnerabilities were detected in June this year. The problem was fixed by Microsoft by the end of November, after which it offered an undisclosed reward to the young engineer, who belongs to the southern Indian state of Kerala.

"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure program and started working with them. The vulnerabilities were reported to Microsoft in June and fixed at the end of November 2018. While the vulnerability proof concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store", Safetydetective.com said in response to a query from Sputnik.

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017 - Sputnik International

Asia

Fast Paced Indian Economy Facing a Cyber Security Nightmare : Study

7 December 2018, 14:45 GMT

Sahad works as a security researcher with the cybersecurity portal Safetydetective.com. The portal shared its response with Sputnik on the development, revealing that they had contracted Sahad for the particular assignment, but refused to disclose the bounty amount.

"During our first security investigation for critical vulnerabilities affecting Microsoft, we came across multiple vulnerabilities that, when chained together, allowed an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link", Safetydetective.com added.

Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad, according to the news agency IANS. Sahad is the same person who received bug bounty from Facebook last year for discovering a bug in the social networking platform.

"Anyone's Office account, even enterprise and corporate accounts, including their email, documents, and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user", said another cyber analysis portal, TechCrunch, in its response to the development.

The views and opinions expressed by the speakers do not necessarily reflect those of Sputnik.