One Facebook user could have deleted every photo on the site
With great power comes great vulnerabilities.
Given Facebook’s vast resources and hacker ethos, its site is one of the least hackable social networks around—but where there’s a will, there’s a way.
On Thursday, software engineer Laxman Muthiyah published a startling discovery: with just a few lines of code, someone could delete your Facebook photos—and everyone else’s—in an instant.
Muthiyah, a white-hat hacker, provided the vulnerability to Facebook, which like many tech companies awards a “bug bounty” for proof of loopholes in its code like this one. As Muthiyah explained in a blog post titled “How I Hacked Your Facebook Photos,” just four lines of code could send a Facebook API call that would trigger the deletion of any photo album a user could find the ID for, whether by guessing, through public permissions, or by having friend permissions. Here’s the chunk of code:
DELETE /518171421550249 HTTP/1.1
Host: graph.facebook.com
Content-Length: 245

access_token=<Facebook_for_Android_Access_Token>
Since Facebook’s photo albums are named numerically in sequence, a malicious user could theoretically execute a script to delete every photo album ever uploaded to Facebook.
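The missing control here is an ownership check on the object being deleted. The sketch below is an added illustration, not Facebook's or Muthiyah's code: it uses a constructed in-memory album store with hypothetical names to compare a delete handler that trusts any valid token with one that verifies ownership, and counts denied requests as a detection signal.

```python
from collections import Counter

# Constructed sample data (hypothetical): album ID -> owning user, token -> user.
ALBUMS = {"1001": "alice", "1002": "bob", "1003": "bob", "1004": "carol"}
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


def delete_unchecked(albums, album_id, token):
    """Flawed pattern as the article describes it: a valid token is
    enough, and ownership of the album is never checked."""
    if token not in TOKENS:
        return 401
    if album_id not in albums:
        return 404
    del albums[album_id]
    return 200


def delete_checked(albums, album_id, token, denied):
    """Object-level authorization: the caller must own the album."""
    user = TOKENS.get(token)
    if user is None:
        return 401
    if albums.get(album_id) != user:
        denied[token] += 1  # repeated misses from one token suggest ID walking
        return 404          # same reply for "missing" and "not yours"
    del albums[album_id]
    return 200


def replay_all_ids(token, checked):
    """Regression check: request deletion of every album ID as one user
    and return the albums that survive plus the denied-request count."""
    albums, denied = dict(ALBUMS), Counter()
    for album_id in sorted(ALBUMS):
        if checked:
            delete_checked(albums, album_id, token, denied)
        else:
            delete_unchecked(albums, album_id, token)
    return albums, denied[token]
```

Because the IDs are sequential, the ownership check is the control that matters; the denied-request counter only helps spot a client that keeps asking for albums it does not own.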
Luckily for us and for Facebook, Muthiyah reported his findings and the company took the hack very seriously.
“Immediately reported this bug to Facebook security team,” Muthiyah wrote, before adding that “there was a fix in place in less than 2 hours from the acknowledgement of the report.”
Muthiyah was rewarded quickly and handsomely with $12,500 through bugbountypayments.com, and Facebook has since patched the code. Just think, if Muthiyah’s hack had fallen into the wrong hands, those freshman-year beer-bong photos could have been gone for good.
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.