Facebook Pays Hacker $12,500 For Discovering Photo Security Flaw


Facebook Photo Security Flaw Earns Hacker 12 Thousand 500 Dollars

Engineer Arul Kumar, 21, recently collected a $12,500 payday from Facebook. Kumar discovered a Facebook photo security flaw that allowed him to delete photos from any user's account.

Kumar exploited the flaw through the Facebook Support Dashboard, which is used to send requests to remove unwanted photos, by redirecting the removal request note.

By altering the URL string of a photo and turning it into a removal request, Kumar was able to trick the system into sending the request to a second account that he controlled.

Each photo's URL ends with a photo ID and a profile ID number. After Kumar changed the profile number to that of his own account, Facebook sent the notification to his inbox, where he was able to control the deletion request.
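The server-side check whose absence makes this kind of parameter tampering work, shown as an added example that is not Facebook's code or Kumar's: a handler that trusts the profile ID in the request beside one that takes the recipient from the stored photo owner. The function names, the `PHOTO_OWNERS` table and the sample IDs are hypothetical, and the example assumes the profile ID was not compared with the photo's real owner.

```python
# Constructed sample data: photo_id -> owning profile_id (hypothetical values).
PHOTO_OWNERS = {"1001": "alice", "1002": "bob"}


class AuthorizationError(Exception):
    """Raised when request parameters disagree with server-side records."""


def route_removal_request_trusting(photo_id, profile_id, outbox):
    """Flawed pattern: the recipient is whatever profile ID the request names."""
    outbox.append({"to": profile_id, "photo": photo_id})
    return profile_id


def route_removal_request_checked(photo_id, profile_id, outbox):
    """Hardened pattern: the recipient is derived from the stored owner."""
    owner = PHOTO_OWNERS.get(photo_id)
    if owner is None:
        raise AuthorizationError("unknown photo")
    # A client-supplied profile ID is only a hint; reject it on mismatch
    # so tampering shows up as an error instead of being silently ignored.
    if profile_id != owner:
        raise AuthorizationError("profile ID does not own this photo")
    outbox.append({"to": owner, "photo": photo_id})
    return owner


def demo():
    """Run both handlers against a request whose profile ID was altered."""
    trusting, checked = [], []
    route_removal_request_trusting("1001", "mallory", trusting)
    try:
        route_removal_request_checked("1001", "mallory", checked)
        rejected = False
    except AuthorizationError:
        rejected = True
    route_removal_request_checked("1001", "alice", checked)
    return trusting, checked, rejected


if __name__ == "__main__":
    print(demo())
```

Logging each rejected mismatch with the requesting account gives the operations team a signal that someone is altering identifiers in requests.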

Here’s what the budding engineer wrote on his blog:

Facebook Photo Security Flaw

Facebook immediately fixed the bug and gave Kumar his $12,500 bonus.

Facebook’s white hat program rewards hackers for reporting security flaws. Facebook pays a minimum of $500 if it deems the threat real, and there is no maximum cap on what can be paid.

Are you worried about the state of Facebook account security?


Kokou Adzo
