Facebook pays researcher $12.5K bounty for uncovering image-deletion security flaw


Arul Kumar isn’t the first person to be paid for spotting a security flaw in a widely used online service, and he certainly won’t be the last.

The 21-year-old electronics and communication engineer revealed this week that Facebook paid him $12,500 for spotting a software vulnerability that could allow a hacker to delete any image stored on the social networking site. While the company is known to pay out for discoveries like this, such a large amount is thought to be rare, meaning Facebook’s security team considered it to be potentially very damaging.
Ethical hacker

Kumar, who on his blog describes himself as someone “with a passion in ethical hacking”, discovered that the bug existed with all versions of all browsers for both PC and mobile. The engineer explained on his blog that he found the flaw by going through Facebook’s Support Dashboard, which is used for sending photo removal requests to company staff.

Such requests can also be sent direct to the person who uploaded the image via the photo removal request form. The uploader receives a link, which, if clicked, removes the image.

However, Kumar found a way for a hacker to generate a photo removal link and have it sent to their own inbox, thereby allowing them to delete the image without the uploader knowing.

After bringing the bug to the attention of Facebook via its Bug Bounty program, the company’s security team agreed to pay out $12,500 for his effort.

Read more: http://www.digitaltrends.com/social-media/facebook-pays-researcher-12-5k-bounty-for-uncovering-site-security-flaw/#ixzz2duALSL00
Follow us: @digitaltrends on Twitter | digitaltrendsftw on Facebook