Indian techie Laxman Muthiyah, has earned $12500 from Facebook for discovering a vulnerability which could have let hackers delete photos from just about any user account. To team Zuckerberg’s credit, the security flaw was acknowledged and fixed within less than two hours of being notified about it.
Photos are extremely important to Facebook, just as important as it is to let users feel that they have adequate control over the content they upload to the site. But when a hacker can delete all your pictures which are visible to them without your permission, you wouldn’t think you had any say in the matter, right?
Considering that over 2 billion images are shared on Facebook daily, the company simply had to react urgently when contacted by Muthiyah about the vulnerability in its Graph API. The last mentioned is what developers need in order to create applications, games and other software based on the data accessible to them through the social networking website.
Related post: Facebook will now auto-enhance pictures that you upload
In his blog post, Muthiyah offers a simplified explanation of how the bug can be directed to delete a victim’s photographs. He notes that a mobile access token for the Graph API is enough to do the deed. No cases of the vulnerability being misused have been reported, according to Facebook. Additionally, it does not enable anyone to hack into another person’s account or see private photos.
The $12500 reward that has been presented to Laxman Muthiyah for discovering the vulnerability affecting Facebook photos, comes from the company’s bug bounty program which offers a minimum prize of $500. The full list of terms and conditions can be viewed by heading to this official link.