
Hacker Gets $15,000 Bounty For Solving Major Bug with Facebook 

The hacker managed to crack a major bug in Facebook that could have severely impacted any user. 


Hackers can make big money by finding backdoors into Facebook, Google, and even Twitter – it helps the companies detect and close security loopholes. The amount reflects the companies’ effort and the risk that has been thwarted.

The Bangalore-based hacker was rewarded with $15,000 by Facebook for cracking a login-related bug which could have had catastrophic implications for users of the social networking site.


What Was the Issue?

Apparently, the hacker, Anand Prakash, was able to infiltrate various Facebook accounts by resetting the password, which gave him the following details. Facebook has admitted to the breach, and in return awarded him the bounty.

This post is about a simple vulnerability found on Facebook which could have been used to hack into other users’ Facebook accounts easily without any user interaction. This gave me full access to other user accounts by setting a new password.
Anand Prakash, Facebook bounty winner

Facebook Login Under Threat

Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address and Facebook will then send a 6 digit code on his phone number/email address, which can be used in order to set a new password.
Anand Prakash, Facebook bounty winner

But that’s not all: Anand then looked for the same issue on beta.facebook.com and mbasic.beta.facebook.com, and found that rate limiting was missing on the forgot-password endpoints.
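One way to close the gap described above is to keep the failed-attempt counter with the reset code itself, in state shared by every host that serves the endpoint, so that no front end can skip the limit. The sketch below is an added example, not Facebook's code or code from the original post; `ResetCodeStore`, the five-attempt limit and the ten-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5          # assumed policy: wrong guesses allowed per issued code
CODE_TTL_SECONDS = 600    # assumed policy: lifetime of a code


class ResetCodeStore:
    """Pending reset codes keyed by account (hypothetical helper).

    Every host serving the reset endpoint must use the same store, so the
    attempt counter follows the code rather than the front end.
    """

    def __init__(self, clock=time.monotonic):
        self._pending = {}    # account -> [code_digest, expires_at, failures]
        self._clock = clock

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, account):
        """Create a fresh 6-digit code, replacing any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"
        expires = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [self._digest(code), expires, 0]
        return code           # a real service sends this by SMS or email

    def verify(self, account, guess):
        """Return 'ok', 'wrong', 'locked' or 'expired'."""
        entry = self._pending.get(account)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(account, None)
            return "expired"
        if entry[2] >= MAX_ATTEMPTS:
            return "locked"   # even the right code is refused from here on
        if hmac.compare_digest(entry[0], self._digest(guess)):
            del self._pending[account]   # a code works only once
            return "ok"
        entry[2] += 1
        return "wrong"
```

With this limit a 6-digit code gives a guesser at most 5 tries in 1,000,000 per issued code; requests for new codes need their own limit, since each `issue` call resets the counter.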

To check the outcome, Anand decided to hack his own account and set a new password for it. After successfully doing so, he used the same password to log in to the account, which set the alarm bells ringing.

Once he alerted Facebook about the discovery, the social networking giant duly replied to Anand and thanked him for his findings.

Here’s what Facebook said to Anand after accepting the loopholes. (Photo Courtesy: Anand Prakash/blog)
