Facebook Pays $20K Bounty To Researcher Who Found A Major Security Flaw In Facebook Before Hackers Did
Reuters
Last month, UK security researcher Jack Whitton found a way to hack into other users' Facebook accounts without their knowledge, simply by sending a text message to Facebook, Dave Lee of BBC News reported Friday.
The flaw, which Facebook has fixed, was in a Facebook service that lets users link their mobile phones with their accounts. This lets them log into Facebook using their phone number instead of their email address, and send profile updates via text message.
To activate this feature, a user sends a text message to Facebook, which texts back an authorization code. This code is what ties the user's device to their account.
But Whitton found that Facebook's authorization code could be tweaked to work with other users' accounts as well. This means a hacker could just change the password and gain complete control over the account, Whitton explained in a blog post.
We've reached out to Facebook for comment and will update if we hear back.
Graham Cluley, an independent security analyst, says the bug could have had a widespread impact on Facebook users.
"This should – obviously – have been impossible, but due to a weakness in Facebook’s tangled nest of millions and millions of lines in code, potentially hundreds of millions of accounts were vulnerable to hijacking through the simple technique," Cluley said in a Friday blog post.
Whitton informed Facebook about the flaw May 23, and Facebook fixed it five days later. Facebook gave Whitton a shout-out on its list of "white hats," the term for researchers who find
Facebook has been dealing with other major security issues lately.
Earlier this month, Facebook acknowledged a bug that caused it to accidentally share contact information for about 6 million users. And in February, developer Nir Goldshlager found a flaw in Facebook's code that made it possible to hijack Facebook accounts.