Error message

Notice: Undefined index: URL in tla_decode() (line 231 of /home/content/30/9800630/html/modules/php/php.module(80) : eval()'d code).

Facebook Bug Permits Anyone To Delete Your Photos; Social Networking Site Paid Hacker For The Discovery?

gold-guide.org

A web developer from Devankottai, Tamil Nadu in India found a bug that allowed him to delete any Facebook user's public photos. This security issue comes a few weeks after the controversial updated privacy policy of the site where users' data can be utilized by Facebook to create tailored advertisements for each member. The policy also allows the site to share the information with its partner apps and websites.

Lakshman Muthiyah was tinkering with Graph API, the same tool used by developers to make the Facebook app, and found a way to manipulate the code so that it deleted one of his images. He documented his exploit with a step-by-step guide in his blog. He opened his post with "What if your photos get deleted without your knowledge? This post is about a vulnerability found by me which allows a malicious user to delete any photo album on Facebook. Any photo album owned by a user or a page or a group could be deleted."
Lakshman manipulated the mobile access for Facebook since it has a feature that enables users to delete all photo albums in the app. He wrote that it used the same Graph API so he took note of an album ID and tried it on a Facebook for Android access token. He was able to delete an album using the code.
It's a good thing that Muthiyah reported his discovery to Facebook's security team instead of misusing his knowledge. The social networking site's developers were able to fix the issue in less than two hours. A rep from Facebook confirmed the bug and clarified that, "This issue would have required knowledge of the ID of the target photo album, as well as permission to view the album based on the album's privacy settings." They thanked Muthiyah for his help with a $12,500 reward according to their bug bounty program.

Source: ischoolguide.com

About Us

A small but energetic team working for http://www.SocNetNews.com brings the latest and most interesting news and updates to the public. We collect info about social networks and media activities and remark the newest movements in socnet field.

Info site links

Contact Us

  • Email: hayk.tonoyan at gmail.com