Facebook pays $15,000 bounty to close bug that can access any user’s account

facebook jobs tab woman using
A major flaw in Facebook’s account security has been brought to light by a security researcher, who has received a cool $15,000 payout from the social network for his efforts.

Anand Prakash spotted the flaw, which allowed him access to any user’s account on the platform, last month. The bug was related to the Facebook account reset process, which results in the site sending a six-digit PIN to a user’s phone to be used as a temporary password.

Usually, the individual resetting an account is granted approximately 10-12 wrong password guesses. Prakash noticed that those security measures were missing from the Facebook beta site for developers, where every single user account is also readily available. Consequently, the bug allowed Prakash to seemingly flood the site with PIN guesses, and hack into any account he wanted.

Instead of exploiting the flaw, however, Prakash notified Facebook through its report vulnerability page. The following day, the social network confirmed that the bug occurred due to a change to the beta page a few days earlier. Although Facebook assures that the flaw was not misused in that time frame, it still felt compelled to pay the $15,000 bug bounty to Prakash.

The resulting award and Facebook’s rapid response in stamping out the bug hints at the major risk involved. It may not have been the most complicated security issue, but it could have resulted in complete chaos if utilized through the site’s main page.

“One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production,” Facebook said in a statement to The Verge. “We’re happy to recognize and reward Anand for his excellent report.”

Since its inception, Facebook’s bug bounty program has forked out over $4 million to hackers and security researchers for responsibly disclosing issues in its system.

Emerging Tech

Twitter is officially a teenager now. Are we raising a monster?

On March 21, 2006, Jack Dorsey sent the first ever tweet. Thirteen years later, Twitter has fundamentally changed the way we communicate. Here are some of the myriad ways it's done that.

HMD Global admits Nokia 7 Plus handsets sent user data to China

Nokia could be in some hot water. According to recent reports, Nokia 7 models may be secretly sending data to China without the user knowing about it. Nokia says that the issue was a software bug and that it has been fixed.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.

Need a quick battery boost? Try one of our favorite portable chargers

Battery life still tops the polls when it comes to smartphone concerns. If it’s bugging you, then maybe it’s time to snag yourself a portable charger. Here are our picks for the best portable chargers.
Social Media

Yep, it’s not just you. Facebook, Instagram, and WhatsApp are down for many

Facebook's family of apps has been suffering issues for much of the day. Instagram, WhatsApp, Facebook Messenger, and Facebook itself have been out of action for users around the world, with the company scrambling to sort it out.
Social Media

Facebook may soon let you watch live TV with friends in Watch Party

Facebook Watch Party is designed to allow friends to watch together, even when they can't be in the same physical space. Now, that feature could be expanding to include live TV. Facebook announced a test of the feature, starting with live…
Social Media

Federal investigation digs into Facebook’s data-sharing deals

Facebook confirmed it is cooperating with a federal criminal investigation. According to a report, the company is under investigation for sharing user data with smartphone and tablet companies.
Social Media

Facebook explains its worst outage as 3 million users head to Telegram

Facebook, if you didn't already know it, suffered a bit of an issue on Wednesday, March 13. An issue that took down not only its social networking site, but also Instagram, WhatsApp, and Messenger. On Thursday it offered an explanation.

Snapchat could soon let you play games in between your selfies

If a new report is accurate, Snapchat will be getting an integrated gaming platform in April. The platform will feature mobile games form third-party developers, and one publisher is already signed on.
Social Media

Twitter is testing a handy subscription feature for following threads

Twitter has recently started testing a feature that lets you subscribe to a thread so that you’ll no longer need to like a comment or post to it yourself in order to receive notifications of new contributions.
Social Media

Your Google+ public content will remain viewable on the web, if you want it to

Google's failed social network — Google+ — will soon be wiped from the internet, but there's a team of volunteers working right now to save its public content for the Internet Archive.

There’s more space on MySpace after ‘accidental’ wipe of 50 million songs

MySpace is no longer a safe refuge for music and media produced in the 2000s. It said that almost any artistic content uploaded to the site between 2003 and 2015 may have been lost as part of a server migration last year.

Intel and Facebook team up to give Cooper Lake an artificial intelligence boost

Intel's upcoming Cooper Lake microarchitecture will be getting a boost when it comes to artificial intelligence processes, thanks to a partnership with Facebook. The results are CPUs that are able to work faster.
Social Media

New Zealand attack shows that as A.I. filters get smarter, so do violators

The shootings in Christchurch, New Zealand were livestreamed to social media, and while stats show networks are improving at removing offending videos, as the system improves, so do the violators' workarounds.