Facebook serves as a great social networking platform for sharing photos with your friends. But a recent bug found on the site threatened the existence of those photos. Thankfully, Facebook managed to fix the vulnerability in a matter of just two hours after being reported by an Indian software engineer, Laxman Muthiyah.
The end result is Facebook saved all the photos stored on its platform before any notorious hacker could exploit the fault in its system to delete them.
The issue was found and reported to Facebook on Monday. The talented security team at Facebook had a fix in place within two hours, Muthiyah wrote in his blog. For finding the security flaw and reporting it to Facebook, Muthiyah received a generous reward of $12,500 under the company's bug bounty project.
He will also be listed in Facebook's Hall Of Fame wall among other contributors who helped in making the site more secure.
Muthiyah gave a breakdown of how he was able to delete an entire photo album of another person using Facebook's Graph API as a proof of concept. According to the blogger, simply entering the photo album's ID number in a brief code carried out the request to delete other people's photos without their consent. Graph API's aren't designed to delete photos, but serve as a way for developers to read and write users' data. It was found otherwise in this case.
According to a company source, the bug was not abused by any other hacker, Computer World reported. Facebook CEO Mark Zuckerberg revealed during the company's fourth quarter earnings call that more than two billion photos are shared across the site every day. This shows the extent of damage the bug could have done if fallen into wrong hands.
Facebook has rewarded handsomely to researchers who report bugs on the site over the years. The company has thanked 19 people just this year for finding and reporting bugs before they could be exploited by hackers.
Facebook's bug bounty program has a minimum reward of $500, but goes further based on the intensity of the discovery. Last year, the company gave $33,500 as a bounty for finding a bug that could have allowed hackers to read almost anything stored on Facebook's server.
