[Techie Tuesdays] Manish Bhattacharya - The Kid who paid his education loan by hacking into facebook

The story of Manish Bhattacharya stands out not only because of his humble beginnings but his determination and grit. Manish is a final year student of computer science engineering at Shobhit University Meerut. He has a knack for discovering vulnerabilities in web applications and so far has discovered bugs in the websites of Microsoft, Facebook, Dropbox, Shopify, Asana, Github etc and has won awards.

Manish studied in Bhagalpur, Bihar and was introduced to computers when he was in 3rd standard. However, the genius in him was dormant until he joined engineering. When Manish got into college, he got his hand on computer magazines and was hooked. He began to read more and more about hacking and started trying out what he learnt on various websites. In 2012 when Manish was in his second year, one of his friends blogged about an XSS vulnerability in MSN. Motivated by him Manish also tried his hand on the website of Microsoft Canada and posted the vulnerability. Microsoft acknowledged his gesture giving him a mention on their page. That was only the beginning.

Facebook and Asana

Manish received his first award from Asana for a discovering a Click Jacking vulnerability, he was awarded $ 100 for it. Also during the same time one of his friend discovered a vulnerability in Facebook and was awarded $5000. Motivated by him, Manish also started digging deeper and found two vulnerabilities related to messages and notes which allowed users to send messages to any Facebook profile using the compose page of the new mobile site.

The second issue which related to the mobile site was about getting likes and comments on any notes using ClickJacking. After interacting with users who have shared the Facebook note, Manish could get likes and comments from their profile without them knowing about it. After that instance, Manish received 3 more bounties from Facbook.

GitHub

In another instance Manish discovered several vulnerabilities in GitHub. Some were critical enough that he could take over any account on GitHub by modifying certain parameters. Github created a page for Manish (the first one for an Indian at the time).

Shopify

Manish also discovered an XSS vulnerability with Shopify and reported the vulnerability to the team. But they were reluctant and dismissed it. It was only when Manish logged into their forum and stared posting to reveal the true nature of the vulnerability, that it was acknowledged. And once more Manish was inducted into their hall of fame. He has also contributed to the security of Dropbox by discovering vulnerabilities.

Till date, Manish has found close to 50 bugs and his path has been rewarding. Manish talks about his most difficult time during the early days. During his engineering admission their father didn't have enough money to pay the fee. He borrowed 25,000 from the owner of the medical shop where he worked and gave an application for loan in the bank. However, a bank official asked him for the bribe to process the loan application. But Manish said, If he had the money he wouldn't have applied for the loan. Manish complained to higher authorities. His application was processed. But the bank officials were furious at him. They forced him to take his complaint back but Manish didn't back out.

Today Manish says he has paid all the loans with the bounty he received from bugs. Manish is looking forward to starting up on his own after graduation, though he has a couple of offers from startups and multinationals and work in the field of computer security.