Did you know that Facebook offers a monetary reward for any of you kids out there who can find a serious enough bug or security issue within the Facebook platform?
Many major software developers offer this sort of reward, mostly as an incentive for not selling your findings to unscrupulous hackers.
Facebook’s most recent pay-out came this week, to a man called Laxman Muthiyah, a web developer who discovered a pretty serious bug that would allow him to delete any photo album on Facebook, belonging to anyone, as long as the privacy settings allowed him to see it.
That’s a pretty serious bug. Certainly serious enough to warrant a $12,500 pay-out from a grateful Facebook who were presumably happy enough that the bug was discovered by a morally sound security researcher and not one of those kids belonging to “The Lizard Squad”.
[NERD]For those interested, the Facebook Graph API wasn’t authorising requests correctly, allowing a user to use their own Facebook “token” to authorise a delete request for any photo album they could reach. For the technically inclined, it’s an impeccably straightforward bug that should have been fixed many moons ago.[/NERD]
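To make that note concrete, here is an added example (not Facebook’s code and not part of the original write-up): a simplified model of an album-delete handler that accepts any valid token, beside one that also checks ownership, plus a small test matrix that catches the difference. Every name, token and album in it is constructed for illustration.

```python
# Added illustration: every name, token and album below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Album:
    owner: str
    public: bool

class Denied(Exception):
    pass

TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}  # token -> user id

def fresh_store():
    return {"a1": Album("alice", True), "b1": Album("bob", True),
            "b2": Album("bob", False)}

def visible_album(store, token, album_id):
    """Authenticate the token, then return (user, album) if the user may view it."""
    user = TOKENS.get(token)
    album = store.get(album_id)
    if user is None or album is None:
        raise Denied("unknown token or album")
    if not (album.public or album.owner == user):
        raise Denied("not visible")  # same exception type as a missing album
    return user, album

def delete_flawed(store, token, album_id):
    # Flaw: a valid token plus read access is treated as permission to delete.
    visible_album(store, token, album_id)
    del store[album_id]

def delete_checked(store, token, album_id):
    # Fix: a destructive action also requires the caller to own the object.
    user, album = visible_album(store, token, album_id)
    if album.owner != user:
        raise Denied("caller does not own this album")
    del store[album_id]

def cross_user_deletes(handler):
    """Regression matrix: every token against every album, fresh store each time."""
    hits = []
    for token, user in sorted(TOKENS.items()):
        for album_id, album in sorted(fresh_store().items()):
            store = fresh_store()
            try:
                handler(store, token, album_id)
            except Denied:
                continue
            if album.owner != user:
                hits.append((user, album_id))
    return hits
```

Running `cross_user_deletes` against each handler lists every case where a non-owner’s delete went through, which is the kind of check that belongs in an API’s test suite for every destructive endpoint.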
To Facebook’s credit they fixed the bug within 2 hours of Muthiyah telling them about it, and we’re sure they were thankful. If this were to be exploited by a group of criminals, it could have done untold damage to Facebook’s reputation, as millions of photos could have potentially been deleted.
Though we’re confident all of our readers have all their photos backed up somewhere safe, right? 😉
Find out more about Facebook’s white-hat bug bounty program here.