Menu
Facebook fixes flaw that could have let hackers delete photos

Facebook fixes flaw that could have let hackers delete photos

Facebook paid an outside developer US$12,500 for discovering the flaw

Privacy on Facebook

Privacy on Facebook

The speed at which Facebook responded to a reported security vulnerability shows how important photos have become to the site.

The vulnerability could have allowed hackers to delete photos. An outside developer discovered the vulnerability in Facebook's Graph API, the primary way for outside developers to build apps and software that tap into Facebook's data.

The developer, identifying himself as Laxman Muthiyah in a blog post published Thursday, said he was able to use a mobile access token for the API to delete photo albums that were not his.

He alerted Facebook to the vulnerability and Facebook reacted quickly, issuing a fix within two hours from acknowledgment of Muthiyah's report. Facebook also paid him US$12,500 through the company's bug bounty program.

More than two billion photos are shared daily across Facebook, CEO Mark Zuckerberg said last month during the company's fourth quarter earnings call.

Facebook is not aware of any misuse of the vulnerability, a source at the company said. Also, triggering it would have required knowledge of the ID of the person's photo album based on its URL, as well as permission to view the album based on the album's privacy settings.

The issue could not enable someone to log into another's account, nor did it allow access to view any other part of a person's account.

$12,500 is above average for a Facebook bug bounty reward, with $500 being the minimum reward. Last year a computer engineer was awarded $33,500 for discovering a vulnerability that could have let a hacker read almost any file on a Facebook server.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitysocial mediainternetFacebooksocial networkingInternet-based applications and services

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments