Skip to main content

Swapping out video IDs lets programmer delete any Facebook video

Facebook Vulnerability - Deleting Any Video on Facebook
Uploading a video to an event page and swapping out the ID code could have allowed computer savvy hackers to overwrite any Facebook video, no matter who uploaded it. Dan Melamed, a security researcher, uncovered the vulnerability — and earned a cool $10,000 for showing Facebook the error.

Melamed found the vulnerability last June, but only shared the glitch Monday after a Facebook update had already corrected the issue. By attaching any Facebook video to an event post by grabbing some of the code and pasting it in while uploading another video, that stolen video pops up on the event page.

But what’s even more unnerving is that when that stolen video post is deleted, the original is also deleted from the owner’s page. Disabling the comments on that post through the event page could also disable comments on the original video.

Melamed reported the vulnerability to Facebook at the end of June — a day later, the social media platform asked him to delete one of Facebook’s own videos to prove the glitch, and the next day, that’s what he did. Two weeks later, Facebook awarded him $10,000 for responsibly reporting the error.

Melamed is a self-described security researcher and web programmer — he hacks into programs to find weaknesses, then reports them to the company to fix before a hacker exploits the glitch. While the security issue was uncovered months ago, Melamed only shared how he was able to delete any Facebook video after Facebook removed the vulnerability — so hackers couldn’t use his findings as a how-to guide. He did not say when Facebook corrected the issue.

The video fix comes after a different security researcher discovered how to delete any Facebook album using only four lines of code — Facebook fixed that glitch within two hours. Facebook uses a Bug Bounty program to encourage hackers to report rather than exploit any uncovered weaknesses. Now five years old, Facebook has paid over five million dollars in “bounties” through the program.

Editors' Recommendations

Hillary K. Grigonis
Hillary never planned on becoming a photographer—and then she was handed a camera at her first writing job and she's been…
Facebook will soon let everyone unsend messages, just like Zuckerberg
facebook messenger 2017 android

Private messages from Facebook founder Mark Zuckerberg are disappearing mysteriously from Facebook Messenger inboxes -- and soon, you're going to be able to do exactly the same thing with your friends.

If you're a user of Facebook Messenger, then you might be aware that while you can delete the messages that you send, that only removes the message from your copy of the conversation -- anyone else in the conversation is still able to see it, whether that be a one-on-one or group conversation. Following the uproar around these deletions, Facebook has stated that it is developing an "unsend" option in Messenger, and that it will be available in a few months. Until that time, Facebook has also said it will not be deleting any more executive personal messages.

Read more
It’s safe to add music to Facebook videos if it comes from this record label

Adding that soundtrack to your DIY video and sharing on Facebook might not get you in copyright trouble anymore. On Thursday, December 21, Universal Music Group and Facebook announced an agreement that allows music from the record company to be licensed for use across Facebook, Instagram, Messenger, and Oculus.

The agreement, Universal says, is the first of it’s kind and is available globally. The multi-year deal allows users to share the music online legally and is designed to open up “new music-based experiences online,” the record company said. Without the agreement, sharing music that’s not your own (or in the public domain), whether that’s background music to a video or in another format, is a copyright violation.

Read more
Facebook eliminates ad breaks on short videos, but expands ads in Watch Tab
facebook journalism grants login smartphone

Facebook users will soon start seeing fewer ad breaks on short videos but they could start seeing pre-roll ads on the videos inside the Watch Tab. The ad changes, announced on Thursday, December 14, come with updates that will also help move more videos to the top of the news feed.

After discontinuing a program that paid selected publishers for live video at the end of the year, Facebook will instead be using a handful of new advertising strategies, some previously tested and some launching only in the testing phase. The changes, Facebook says, help to build different monetization tools for partners, while Facebook users could see fewer ads of one kind only to see more from another type.

Read more