Melamed found the vulnerability last June, but only shared the glitch Monday after a Facebook update had already corrected the issue. By attaching any Facebook video to an event post by grabbing some of the code and pasting it in while uploading another video, that stolen video pops up on the event page.
But what’s even more unnerving is that when that stolen video post is deleted, the original is also deleted from the owner’s page. Disabling the comments on that post through the event page could also disable comments on the original video.
Melamed reported the vulnerability to Facebook at the end of June — a day later, the social media platform asked him to delete one of
Melamed is a self-described security researcher and web programmer — he hacks into programs to find weaknesses, then reports them to the company to fix before a hacker exploits the glitch. While the security issue was uncovered months ago, Melamed only shared how he was able to delete any Facebook video after
The video fix comes after a different security researcher discovered how to delete any Facebook album using only four lines of code —
- Facebook says new Portal video-chat devices are coming in the fall
- Facebook Messenger will soon let you delete sent messages
- Facebook is paying cash rewards if you find vulnerabilities in third-party apps
- New trivia game shows and video polls on Facebook turn viewers into participants
- Miss the big play? Facebook will now let you rewind live videos