The latest Facebook bug bounty went to a web developer who discovered a bug that let him delete any photo album from the network. Laxman Muthiyah an Indian received a bounty of $12,500 for reporting the album-deleting bug.After two hours, Facebook got back to Muthiyah to let him know that the bug had been fxed and offered him the bounty.The bug would target Facebook’s Graph API, which lets users delete their own photo albums by clicking “delete album.”
Once Muthiyah discovered the bug he tried deleting one of his albums and after being successful he reported it to Facebook’s technical support team.In a blogpost titled, ‘How I Hacked Your Facebook Photos’, Muthiyah has explained in detail how the bug, that can delete a Facebook user’s photos, actually works.
“Thank you for reporting this information to us. We are sending it to the appropriate product team for further investigation. We will keep you update on our progress,” Facebook wrote to Muthiyah.
IT security company Sophos also points out in its Naked Security blog, Facebook album IDs are numeric, making them easy to guess. This means an attacker could have run a script to generate random album IDs and delete entire albums without the users knowing about it.
Latest posts by Unallocated Author (see all)
- The Digital Revolution: Ways to Drive Business Growth in the Private Education Sector - March 9, 2020
- Top Cybersecurity Trends In 2020 - February 20, 2020
- Microsoft Rolled Out Huge Patch Tuesday February With 99 Bug Fixes - February 14, 2020