Indian girl, awarded ₹22 lakh for revealing bug in Microsoft Azure cloud system

An Indian girl has revealed a major bug in the system and she has received an award for her magnificent achievement. Ethical hacker Aditi Singh has received a reward of $30,000 ( ₹22 lakh approx) by Microsoft for detecting a bug in the Azure cloud system. This is the second major bug Aditi has discovered after finding a similar bug in Facebook two months ago. This time too it was a remote code execution (RCE) bug that Aditi discovered in Microsoft’s Azure cloud system, according to a report by India Today.

The RCE bug in Microsoft Azure was actually discovered by Aditi two months back, and the company was also informed about it. But the company did not respond immediately as it was waiting to check if anyone had downloaded the insecure version of the system, the report added. Aditi explained the reason behind the RCE bug. She said developers should have first downloaded a Node Package Manager instead of writing the code directly. “Developers should write codes only after they have the NPM,” Aditi was quoted as saying

Aditi also talked about how she got into ethical hacking, a field she has been working on for the past two years. Her first hacking incident was when she managed to hack into her neighbour’s Wi-Fi password. She then took an interest in ethical hacking when she was preparing for her medical entrance exam, NEET. While she didn’t get through medical school, she did find bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum and HP. Aditi added that she became certain about ethical hacking after she discovered an OTP bypass bug in TikTok’s Forgot Password system. Aditi also shared how people interested in ethical hacking can find multiple resources available online. She added that to get into advanced hacking one must know a programming language. Aditi also suggested OSCP, a certificate course for ethical hacking.

Earlier, another Indian, Mayur Fartade was awarded $30,000 for finding a bug on Instagram that might have allowed malicious users to view what he called “targeted media” without following a user, by making use of the Media ID. Fartade disclosed the bug to the company’s security team on April 16, he states that it resolved the issue by patching the bug on June 15.