One Facebook user could have deleted every photo on the site
With great power comes great vulnerabilities.
Given Facebook’s vast resources and hacker ethos, its site is one of the least hackable social networks around—but where there’s a will, there’s a way.
On Thursday, software engineer Laxman Muthiyah published a startling discovery: with just a few lines of code, someone could delete your Facebook photos—and everyone else’s—in an instant.
Muthiyah, a white-hat hacker, reported the vulnerability to Facebook, which, like many tech companies, awards a “bug bounty” for proof of loopholes like this one in its code. As Muthiyah explained in a blog post titled “How I Hacked Your Facebook Photos,” just four lines of code could send a Facebook API call that would trigger the deletion of any photo album a user could find the ID for, whether by guessing, through public permissions, or by having friend permissions. Here’s the chunk of code:
DELETE /518171421550249 HTTP/1.1
Host: graph.facebook.com
Content-Length: 245

access_token=<Facebook_for_Android_Access_Token>
Since Facebook’s photo albums are named numerically in sequence, a malicious user could theoretically execute a script to delete every photo album ever uploaded to Facebook.
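The flaw described above is a missing object-level ownership check on a delete call. The sketch below is an added example, not code from Facebook or from Muthiyah’s post: it puts a handler that only validates the token beside one that also verifies the caller owns the album. The store, the scope name "manage_photos" and the album IDs are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    user_id: int
    scopes: frozenset  # "manage_photos" is a hypothetical scope name

# Constructed sample data: album_id -> owner user_id (sequential IDs)
SAMPLE_ALBUMS = {100: 1, 101: 2, 102: 2}

class AlbumStore:
    def __init__(self, albums):
        self.albums = dict(albums)

    def delete_vulnerable(self, token, album_id):
        """Flawed: a valid token with the right scope can delete any ID."""
        if "manage_photos" not in token.scopes:
            return 403
        if album_id not in self.albums:
            return 404
        del self.albums[album_id]
        return 200

    def delete_hardened(self, token, album_id):
        """Checks the scope and that the caller owns the album."""
        if "manage_photos" not in token.scopes:
            return 403
        owner = self.albums.get(album_id)
        # Same 404 for "missing" and "not yours", so walking sequential
        # IDs does not reveal which albums exist.
        if owner is None or owner != token.user_id:
            return 404
        del self.albums[album_id]
        return 200

def foreign_deletions(albums, handler_name, token, ids):
    """Regression check: how many albums NOT owned by the caller are
    gone after the caller requests deletion of every ID in `ids`."""
    store = AlbumStore(albums)
    handler = getattr(store, handler_name)
    foreign = {a for a, o in store.albums.items() if o != token.user_id}
    for album_id in ids:
        handler(token, album_id)
    return len(foreign - set(store.albums))

if __name__ == "__main__":
    caller = Token(1, frozenset({"manage_photos"}))
    for name in ("delete_vulnerable", "delete_hardened"):
        lost = foreign_deletions(SAMPLE_ALBUMS, name, caller, range(100, 103))
        print(f"{name}: {lost} albums of other users deleted")
```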
Luckily for us and for Facebook, Muthiyah reported his findings and the company took the hack very seriously.
“Immediately reported this bug to Facebook security team,” Muthiyah wrote, before adding that “there was a fix in place in less than 2 hours from the acknowledgement of the report.”
Muthiyah was rewarded quickly and handsomely with $12,500 through bugbountypayments.com, and Facebook has since patched the code. Just think, if Muthiyah’s hack had fallen into the wrong hands, those freshman-year beer-bong photos could have been gone for good.
Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.