Skip to main content

Bug bounty hunter scores on Facebook and turns in another hacker

While earning a $10,000 bounty, a penetration tester called Orange Tsai discovered another hacker’s backdoor already in place on a Facebook server, as reported by The Register. Orange Tsai turned in the other hacker’s mischief along with O.T.’s own success at cracking the server. Just another day in the life of professional bounty hacker.

Facebook’s bug bounty program pays rewards to anyone who finds and documents problems with its websites or systems. The rules for the program are detailed along with a long list of eligible websites, apps, and services. Fair game Facebook assets include Facebook.com, Instagram.com, and Oculus.com. WhatsApp, LiveRail, and Atlas aren’t included, so if you’re hacking for a bounty, hack elsewhere.

Recommended Videos

Orange Tsai works for Taiwan-based Devcore and published the full details of the hunt on a company blog. O.T. hacked into a Facebook staff server. Once inside, O.T. found a backdoor left by another hacker, along with code that could exploit Facebook staff credentials.

Orange Tsai reported the other hacker’s access when turning in his own bug report. After researching the reports, Facebook security engineer Reginaldo Silva discovered they already knew of the other hacker. That person is also part of their bug hunt program.

“We determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were (sic) able to compromise other parts of our infrastructure, so the way we see it, it’s a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access,” said Silva.

So Orange Tsai was paid for breaking into the Facebook server and also recognized for finding bug hunter tracks. In addition the money, Facebook recognized Orange Tsai on its official bug hunt thank you list.

Bruce Brown
Bruce Brown Contributing Editor   As a Contributing Editor to the Auto teams at Digital Trends and TheManual.com, Bruce…
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Reddit just achieved something for the first time in its 20-year history
The Reddit logo.

Reddit’s on a roll. The social media platform has just turned a profit for the first time in its 20-year history, and now boasts a record 97.2 million daily active users, marking a year-over-year increase of 47%. A few times during the quarter, the figure topped 100 million, which Reddit CEO and co-founder Steve Huffman said in a letter to shareholders had been a “long-standing milestone” for the site.

The company, which went public in March, announced the news in its third-quarter earnings results on Tuesday.

Read more
Worried about the TikTok ban? This is how it might look on your phone
TikTok splash screen on an Android phone.

The US Supreme Court has decided to uphold a law that would see TikTok banned in the country on January 19. Now, the platform has issued an official statement, confirming that it will indeed shut down unless it gets some emergency relief from the outgoing president.

“Unless the Biden Administration immediately provides a definitive statement to satisfy the most critical service providers assuring non-enforcement, unfortunately TikTok will be forced to go dark on January 19,” said the company soon after the court’s verdict.
So, what does going dark mean?
So, far, there is no official statement on what exactly TikTok means by “going dark.” There is a lot of speculation out there on how exactly the app or website will look once TikTok shutters in the US.

Read more