Facebook Fixed A Bug That Could Have Deleted All Of Your Photos


A security researcher earned a tidy reward from Facebook for reporting a major hole in the social network’s code

Facebook has patched a serious hole that allowed anyone to delete any user’s photos using only four lines of code. In a blog post on 7Xter, Laxman Muthiyah described the hole he discovered and said he could delete any photo album in just seconds using the code.

Facebook Fixed A Bug That Could Have Deleted All Of Your Photos

Facebook pays the researcher

The security researcher reported the hole to Facebook, which immediately patched the hole and paid him a reward of $12,500 for discovering it and reporting it. Muthiyah said he was playing around with the social network’s Graph API and considered what would happen if someone’s photos were deleted without them knowing about it.

DG Value: Targeting Overlooked Opportunities In The Middle Market

Yarra Square Investing Greenhaven Road CapitalFounded in 2007 by Dov Gertzulin, DG Value is a value-focused investment firm. The firm runs two primary investment strategies, the diversified DG Value Funds and the concentrated DG Concentrated strategy. Q3 2021 hedge fund letters, conferences and more The flagship DG Value Fund was launched in 2007, specializing in middle-market distressed situations and event-driven Read More

“Obviously that’s very disgusting isn’t it,” he wrote in his blog post.

Easy to delete photos from Facebook

The cyber-security researcher made it sound so easy to delete anyone’s photo albums from Facebook. He tried it using a “Facebook for mobile access token.” This method gives a delete choice for all of the photo albums that have been loaded into Facebook’s mobile app. Additionally, he said it uses the same API as Graph. He ended up picking a photo album ID and a token for Facebook for Android and tried it out, with success.

As Adam Clark Estes of Gizmodo explains, the tokens used for Facebook access are basically just character strings that give apps permission to access a particular user’s profile. For example, logging into a game using a Facebook profile creates a unique token to allow users to get into the game using their profile on the social network.

Video of Facebook hack posted on YouTube

The security researcher posted a video of himself on YouTube showing how the hack works. He said it only took two hours for Facebook to close the hole he found. It’s certainly a good thing the hole was discovered by a white hat hacker who reported it because he could have gone through and deleted every photo album on Facebook using his code. What a mess that would have been.

Updated on

No posts to display