Menu
Facebook fixes flaw that could have let hackers delete photos

Facebook fixes flaw that could have let hackers delete photos

Facebook paid an outside developer US$12,500 for discovering the flaw

Privacy on Facebook

Privacy on Facebook

The speed at which Facebook responded to a reported security vulnerability shows how important photos have become to the site.

The vulnerability could have allowed hackers to delete photos. An outside developer discovered the vulnerability in Facebook's Graph API, the primary way for outside developers to build apps and software that tap into Facebook's data.

The developer, identifying himself as Laxman Muthiyah in a blog post published Thursday, said he was able to use a mobile access token for the API to delete photo albums that were not his.

He alerted Facebook to the vulnerability and Facebook reacted quickly, issuing a fix within two hours from acknowledgment of Muthiyah's report. Facebook also paid him US$12,500 through the company's bug bounty program.

More than two billion photos are shared daily across Facebook, CEO Mark Zuckerberg said last month during the company's fourth quarter earnings call.

Facebook is not aware of any misuse of the vulnerability, a source at the company said. Also, triggering it would have required knowledge of the ID of the person's photo album based on its URL, as well as permission to view the album based on the album's privacy settings.

The issue could not enable someone to log into another's account, nor did it allow access to view any other part of a person's account.

$12,500 is above average for a Facebook bug bounty reward, with $500 being the minimum reward. Last year a computer engineer was awarded $33,500 for discovering a vulnerability that could have let a hacker read almost any file on a Facebook server.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicessecuritysocial networkingsocial mediainternetFacebook

Featured

Slideshows

Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
Show Comments