BUG: Facebook Page Auto-Likes Its Own Posts

Updated on

A new bug has hit Facebook Pages and it’s forcing them to auto-like their own posts.

The infuriating bug makes it look as though Pages are making a desperate attempt to boost the number of likes on a given post by liking it themselves. We all have that one friend that doesn’t seem to realize that this comes across as strange and narcissistic, but for international companies it could turn into a public relations problem.

Facebook bug auto-likes posts

The bug became apparent overnight, with Facebook Pages receiving likes from themselves on their own posts. Among those affected were ValueWalk, The Next Web, Livestrong and Emojipedia along with smaller, personal businesses.

At first it looked as though someone on the team was liking the posts by mistake, perhaps thinking that they were logged into their own account. However it soon became apparent that it was a bug.

When the Facebook Page admins tried to unlike the post, a grey button popped up that wouldn’t let them undo the action. The Next Web says that some of the auto-likes have since been removed of their own accord, so it looks like Facebook is working on fixing the problem.

Other bugs pose security threat to users

While this latest bug could cause slight embarassment for some Facebook Page admins, there are worse bugs to worry about. A few weeks ago Facebook had to patch up an Instagram bug which had left 1 million users of the photo sharing app open to hackers.

The security researcher who discovered the bug, Arne Swinnen, received $5,000 for his efforts under the terms of the Facebook bug bounty program. Swinnen found two security weaknesses after he tried to access an old test account after not using it for a while.

He was asked to verify his account due to inactivity, and Swinnen then noticed that the page was lacking necessary authentication protocols. He was able to update the email addresses related to some temporarily locked Instagram accounts and therefore gain access.

“Once an attacker could set the email address linked to an Instagram account, he/she could perform a password reset via email and gain full access to it,” the researcher notes. “Big security impact, but only 0.17 percent of accounts affected.”

Bug bounty programs becoming popular among tech companies

Swinnen says that the social network took less than 24 hours to fix the bug after he reported it on March 14. There are now authentication protocols on page which allow users to make changes to their profile information.

The researcher was paid his bounty reward 10 days later. Facebook is one of a number of large tech companies that have launched bug bounty programs recently.

The idea is to offer rewards to so-called “white hat” hackers who look for weaknesses in company systems. Rather than exploiting these weaknesses for their own gain as “black hat” hackers may do, the white hats report the bugs to tech companies.

In this way the companies protect customer data by providing an incentive to hackers. Anand Prakash, an Indian security engineer, found a major bug that allowed him to access any Facebook account earlier this year.

“I was able to view messages, his credit/debit cards stored under payment section, personal photos and more,” he said.

He was paid a hefty sum of $15,000 for his efforts. There was no evidence that the flaw had been exploited by malicious hackers. Other companies such as Uber are also offering bounties to hackers that find bugs.

Leave a Comment