Facebook has a bug bounty program that allows you to find vulnerabilities and report security issues ethically. If the security issue that you found is harmful to the privacy of Facebook’s users or its servers then they will pay money as a reward for your efforts. So I also found a bug on Facebook and earned $500. Let’s discuss the bug. The bug was to know a user has blocked another user or not.

To understand this, let’s take an example. Suppose there are 3 users A, B, and C. Here, A and B are friends on Facebook. The user B has blocked user C. Now user A wants to know whether user B has blocked user C or not. But how? Let’s see the below 2 case possibilities.

1. If user A is accessing Facebook using mobile site: Here, he needs to make a post.

• The user A will go to the profile of user B. For example, User A will go to m.facebook.com/b
• Then user A will post the URL of the user C (For example, “https://www.facebook.com/c”) to the B’s profile as a post via mobile site.

Here, the magic happens. The post will get automatically disappear, as neither the user A nor B will be able to see the post containing a link of a profile that has been blocked by B. But if B doesn’t block C then the post will appear on the user B’s Timeline.

2. If user A is accessing Facebook using a computer site: Here, he doesn’t need to make a post.

• The user A will go to the profile of user B. For example, User A will go to “https://www.facebook.com/b”
• The user A will paste the URL of the user C (For example, “https://www.facebook.com/c”) to the B’s profile in the box where we post status.
• Now he/she(user A) just needs to hit the preview button. Now user A will not be able to see the preview of that one.

But if B doesn’t block C then user A will able to see the preview. That is how I earned 500 dollars. Once Facebook accepted the bug you will surely earn a minimum of Five Hundred Dollars. Below is the reply of the Facebook Team: