Researcher Earns Money With Facebook’s Bug Bounty Program

A 21-year-old white hat hacker has claimed a bounty of $12,500 USD after identifying a bug that could let an attacker delete any photo on Facebook by taking advantage of vulnerable code in the support platform. According to Arul Kumar (who posted about the code on his blog), a hacker could exploit code that could be accessed through correspondence emails from support to the user and gain the ability to delete any photo. He explains it all in his blog post.

Apparently Facebook has since patched the vulnerability and awarded Kumar a cash bounty in accordance with its Bug Bounty program, which offers rewards to researchers who can identify vulnerabilities and loopholes within the Facebook infrastructure.

According to Kumar, someone could have exploited this to delete photos from the accounts of Rihanna, Eminem, or even Facebook CEO and founder Mark Zuckerberg himself.

It’s truly amazing how people can figure these exploits out, and it’s nice to see that Kumar did so in the name of good. He certainly reaped a nice benefit – I’d rather take cash than have the smug knowledge that I deleted some poor sap’s pictures.

You can find out more about the white hat bug bounty system on this Facebook page.

Illustration by Arul Kumar


About the Author

Roger Feinstein has grown up with computers his entire life and strives to help others understand what goes on behind the scenes in their PCs. He's been writing tech articles for websites for over 5 years.
