This Facebook Bug Allowed Anyone To Delete Your Photos
How many photos do you have on Facebook? How many of those are photos you never thought to back up?
This just-disclosed Facebook bug would have allowed anyone with a bit of technical know-how to delete any photo on Facebook.
Fortunately, the guy who discovered the bug (Laxman Muthiyah of India) was quick to give Facebook a heads up — and for his troubles, he got a $12,500 bounty. (Sure, the bug could have pretty easily done more than $12,500 worth of damage to Facebook — but that’s not quite how bug bounty projects work.)
Facebook turned around and fixed the bug in about two hours.
Laxman has a breakdown of how it all works here, but here’s the short version: Facebook’s Graph API wasn’t checking permissions properly. If you sent a request to the Graph API to delete another user’s photo album and toss your own Facebook for…