Skip to main content

Swapping out video IDs lets programmer delete any Facebook video

Facebook Vulnerability - Deleting Any Video on Facebook
Uploading a video to an event page and swapping out the ID code could have allowed computer savvy hackers to overwrite any Facebook video, no matter who uploaded it. Dan Melamed, a security researcher, uncovered the vulnerability — and earned a cool $10,000 for showing Facebook the error.

Melamed found the vulnerability last June, but only shared the glitch Monday after a Facebook update had already corrected the issue. By attaching any Facebook video to an event post by grabbing some of the code and pasting it in while uploading another video, that stolen video pops up on the event page.

But what’s even more unnerving is that when that stolen video post is deleted, the original is also deleted from the owner’s page. Disabling the comments on that post through the event page could also disable comments on the original video.

Melamed reported the vulnerability to Facebook at the end of June — a day later, the social media platform asked him to delete one of Facebook’s own videos to prove the glitch, and the next day, that’s what he did. Two weeks later, Facebook awarded him $10,000 for responsibly reporting the error.

Melamed is a self-described security researcher and web programmer — he hacks into programs to find weaknesses, then reports them to the company to fix before a hacker exploits the glitch. While the security issue was uncovered months ago, Melamed only shared how he was able to delete any Facebook video after Facebook removed the vulnerability — so hackers couldn’t use his findings as a how-to guide. He did not say when Facebook corrected the issue.

The video fix comes after a different security researcher discovered how to delete any Facebook album using only four lines of code — Facebook fixed that glitch within two hours. Facebook uses a Bug Bounty program to encourage hackers to report rather than exploit any uncovered weaknesses. Now five years old, Facebook has paid over five million dollars in “bounties” through the program.

Editors' Recommendations

Hillary K. Grigonis
Hillary never planned on becoming a photographer—and then she was handed a camera at her first writing job and she's been…
X (formerly Twitter) returns after global outage
A white X on a black background, which could be Twitter's new logo.

X, formerly known as Twitter, went down for about 90 minutes for users worldwide early on Thursday ET.

Anyone opening the social media app across all platforms was met with a blank timeline. On desktop, users saw a message that simply read, "Welcome to X," while on mobile the app showed suggestions for accounts to follow.

Read more
How to create multiple profiles on a Facebook account
A series of social media app icons on a colorful smartphone screen.

Facebook (and, by extension, Meta) are particular in the way that they allow users to create accounts and interact with their platform. Being the opposite of the typical anonymous service, Facebook sticks to the rule of one account per one person. However, Facebook allows its users to create multiple profiles that are all linked to one main Facebook account.

In much the same way as Japanese philosophy tells us we have three faces — one to show the world, one to show family, and one to show no one but ourselves — these profiles allow us to put a different 'face' out to different aspects or hobbies. One profile can keep tabs on your friends, while another goes hardcore into networking and selling tech on Facebook Marketplace.

Read more
How to set your Facebook Feed to show most recent posts
A smartphone with the Facebook app icon on it all on a white marble background.

Facebook's Feed is designed to recommend content you'd most likely want to see, and it's based on your Facebook activity, your connections, and the level of engagement a given post receives.

But sometimes you just want to see the latest Facebook posts. If that's you, it's important to know that you're not just stuck with Facebook's Feed algorithm. Sorting your Facebook Feed to show the most recent posts is a simple process:

Read more