Surti youngster Krutarth Shukla awarded by Facebook White Hat!

Today web security is a big problem for many internet giant companies. So to overcome security issues, many companies like Facebook, Microsoft, Google, Apple had introduced bug bounty programs.

Krutarth Shukla, youngster based in Surat is awarded by 1000$ as bounty and white hat by the bounty program of Facebook. Krutarth just completed In Computer Science from Shankara Institute, Jaipur and he is currently working as a freelancer.

What is Facebook Bug Bounty Program?

Facebook’s white hat bug bounty program is started with aim to fix security issue in Facebook so user’s privacy can be ensured, program is managed by security experts who works at Facebook.

Under this program, security researchers around the globe, report security vulnerability to the facebook, once their reported security vulnerability is approved from facebook team then they get paid bounty, bounty depends on level of risk of security vulnerability.

Usually facebook pays 500$ as bounty. Security researchers spend many hours or even many days to find security vulnerability (bugs). They use set of tools in many cases, but usually they tries to do it manually.

Krutarth in White Hat List of Facebook

Security researchers who made responsible disclosure to facebook, their names are added to white hat list. Currently there are total 113 security researchers are on the list, in which 11 are Indians. Krutarth is one of the 113 white hats and the second name from Gujarat.

Our Conversation with Krutarth

Here is an extraction of the conversation between Krutarth Shukla and

How you came to know about this program?

I came to know about this program from News.

What kind of message (Technical/ Non-technical) you sent?

I sent message along with technical details including the reason behind occurrence of this security vulnerability, with a source URL of vulnerability.

What is the process and how much time it takes?

Once we report issue thier secuirty team analyze the bug and take decision for approval. Once it’s approved, thier engineers start fixing issue. And after it they pay bounty.

It would take about 10 days to 1 month of bug approval. Then they email a form. Once we mail form, they pay bounty. This procedure may takes 2 to 3 months.

What reward you get, and how they made payment?

Usually they gives bounty 500$, i had reported 2 bugs. So i got 1000$ as bounty.

Either they make payment via Paypal or issues a Black Card [Prepaid Debit Card ]. But now a days, they only issue Black Card. Exclusive Report


  1. thanks for the interview. it’s amazing.!!
    how did he solved the issue we more interested in knowing that..!
    Where is the information of e-mail that he send to u.?

  2. Welcome Deep,
    From Our Side, We Just have to report security vulnerability (bug), fixing of that security vulnerability completely depends on engineers of facebook, once we reported it, their security team will analyze the bug, even they will respond only if they found it is useful, otherwise they will not reply. this is why because everyday hundreds of security researchers reports bugs, but usually many of them are not a real security issue.
    After approval of reported bugs, they will start to fix it, and after fixing it, they gives confirmation.
    If anyone believe they found a security vulnerability on Facebook, they can report it from this link.

    Check above link for more details.
    And below is the some screenshot of email communication between me & facebook support team.

    • Deep, I can’t disclose exact source url of bug due to security reasons, but let I Share What is was actually, By using that Security Vulnerability, User can show a list of Any Users that we want, with title People Who Like This,

      for example
      People Who Like This.

      -Mark Zuckerburg (with profile pic & link to profile)
      – Randi Zuckerburg
      – Mr.Xyz

      It shows as above even if Mark,Randy or Mr.XYZ didn’t liked my status. any number of user can be added to the list..