Researcher bags £8k reward for finding Facebook album delete flaw
Security researcher discovered whole photo albums could be deleted from Facebook by outsiders via the Graph API


A Facebook security flaw that could have paved the way for hackers to delete users' photo albums has won the researcher who discovered it an £8,000 bounty.
Lakshman Muthiyah, a researcher based in Tamil Nadu, said he was experimenting with the Facebook Graph API, which allows developers to read and write data in Facebook applications, when he discovered he could use the API to send a "delete" function to a Facebook for Mobile application, allowing him to delete any photo album on the site.
"This post is about a vulnerability found by me which allows a malicious user to delete any photo album on Facebook. Any photo album owned by a user or a page or a group could be deleted," Muthiyah said, in a blog post.
"I immediately reported this bug to the Facebook security team. They were too fast in identifying this issue and there was a fix in place in less than two hours from the acknowledgement of the report."
Facebook said in a statement: "We received a report about an issue with our Graph API and quickly fixed it."
The majority of Facebook bugs are uncovered by Indian security researchers, while the UK, Turkey and Germany come next in the charts. The company has been known to pay bounties up to 13,000 and to date, it has paid out over 1m to more than 300 researchers.
At the beginning of the month, Google announced it would be launching the Vulnerability Research Grants scheme, offering enhanced bounties for security researchers uncovering bugs on all its platforms, including within Google-developed Android apps.
Google security engineer Eduardo Vela Nava said on the company's blog: "We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards.
"We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual. There will be various tiers of grants, with a maximum of $3,133.70."

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.