- How to watch ‘Black Lightning’ online for free 4 Years Ago
- This ‘scientist’ learned what women find attractive by A/B testing his beard on Tinder 4 Years Ago
- Laura Ingraham mocks Rep. Ilhan Omar’s accent in audio clip Sunday 5:46 PM
- #ExposeChristianSchools goes viral after Karen Pence and Covington Catholic School uproars Sunday 4:37 PM
- People have started laundering money on Fortnite Sunday 3:03 PM
- Cardi B claps back at Tomi Lahren’s sarcastic tweet Sunday 1:25 PM
- Twitter may have exposed Android users’ private tweets Sunday 12:13 PM
- Leave Me Alurn is the ‘SNL’ product we wish existed in real life Sunday 10:06 AM
- How to watch ‘Charmed’ online for free Sunday 9:00 AM
- How to watch Patriots vs. Chiefs online for free Sunday 8:15 AM
- This is the ‘Star Wars’ VR experience you’re looking for Sunday 8:00 AM
- ‘Salt Fat Acid Heat’ takes viewers on a journey through the four building blocks of a great dish Sunday 7:00 AM
- How to tell the deep web from the dark web Sunday 7:00 AM
- How to watch the Saints vs. Rams online for free Sunday 6:15 AM
- How to watch ‘Supergirl’ online for free Sunday 6:00 AM
With great power comes great vulnerabilities.
Given Facebook‘s vast resources and hacker ethos, its site is one of the least hackable social networks around—but where there’s a will, there’s a way.
On Thursday, software engineer Laxman Muthiyah published a startling discovery: with just a few lines of code, someone could delete your Facebook photos—and everyone’s else’s—in an instant.
Muthiyah, a white-hat hacker, provided the vulnerability to Facebook, which like many tech companies awards a “bug bounty” for proof of loopholes in its code like this one. As Muthiyah explained in a blog post titled “How I Hacked Your Facebook Photos,” just four lines of code could send a Facebook API call that would trigger the deletion of any photo album a user could find the ID for, whether by guessing, through public permissions, or by having friend permissions. Here’s the chunk of code:
DELETE /518171421550249 HTTP/1.1
Host : graph.facebook.com
Content-Length: 245 access_token=<Facebook_for_Android_Access_Token>
Since Facebook’s photo albums are named numerically in sequence, a malicious user could theoretically execute a script to delete every photo album ever uploaded to Facebook.
Luckily for us and for Facebook, Muthiyah reported his findings and the company took the hack very seriously.
“Immediately reported this bug to Facebook security team,” Muthiyah wrote, before adding that “there was a fix in place in less than 2 hours from the acknowledgement of the report.”
Muthiyah was rewarded quickly and handsomely with $12,500 through bugbountypayments.com, and Facebook has since patched the code. Just think, if Muthiyah’s hack had fallen into the wrong hands, those freshman-year beer-bong photos could have been gone for good
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.