Facebook public photos could have been deleted

"White Hat" found that photos could have been deleted with four lines of code

By Helen Gaskell. Published February 17, 2015

A bug found in Facebook meant that public photos could have been deleted with just four lines of code, the BBC reported, citing an online security researcher.

Laxman Muthiyah was playing around with the Graph API, the tool which developers use to make Facebook apps, and while testing his own photos found a way to manipulate the code so that it deleted one of his images.

"What if your photos get deleted without your knowledge? Obviously that's very disgusting isn't it?" he wrote on his blog.

"I got access to delete all of your Facebook photos (photos which are public or the photos I could see)," explained Muthiyah.

He immediately reported the bug to Facebook's security team, which has a programme in place where "white hats", or ethical computer hackers, can report vulnerabilities to the site.

"They were fast in identifying this issue and there was a fix in place in less than two hours from the acknowledgement of the report."

According to the BBC, it does not appear that any misuse has been reported as a result of this bug, and private photos and data were not affected.

A Facebook spokesperson confirmed the sequence of events, saying in a statement: "We received a report about an issue with our Graph API and quickly fixed it.

"We'd like to thank the researcher who reported the issue to us through our bug bounty program."

Facebook’s programme states that: "If you give us reasonable time to respond to your report before making any information public, and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you".

A number of white hats are also offered a "monetary bounty" for reporting bugs, while some have their names posted to a thank you page on the site. Muthiyah has posted a screenshot of a Facebook message saying he has been offered $12,500 as a reward for finding the fault.
