1. Home
  2. Social Media
  3. News

Swapping out video IDs lets programmer delete any Facebook video

By
Facebook Vulnerability - Deleting Any Video on Facebook
Uploading a video to an event page and swapping out the ID code could have allowed computer savvy hackers to overwrite any Facebook video, no matter who uploaded it. Dan Melamed, a security researcher, uncovered the vulnerability — and earned a cool $10,000 for showing Facebook the error.
Recommended Videos

Melamed found the vulnerability last June, but only shared the glitch Monday after a Facebook update had already corrected the issue. By attaching any Facebook video to an event post by grabbing some of the code and pasting it in while uploading another video, that stolen video pops up on the event page.

But what’s even more unnerving is that when that stolen video post is deleted, the original is also deleted from the owner’s page. Disabling the comments on that post through the event page could also disable comments on the original video.

Melamed reported the vulnerability to Facebook at the end of June — a day later, the social media platform asked him to delete one of Facebook’s own videos to prove the glitch, and the next day, that’s what he did. Two weeks later, Facebook awarded him $10,000 for responsibly reporting the error.

Melamed is a self-described security researcher and web programmer — he hacks into programs to find weaknesses, then reports them to the company to fix before a hacker exploits the glitch. While the security issue was uncovered months ago, Melamed only shared how he was able to delete any Facebook video after Facebook removed the vulnerability — so hackers couldn’t use his findings as a how-to guide. He did not say when Facebook corrected the issue.

The video fix comes after a different security researcher discovered how to delete any Facebook album using only four lines of code — Facebook fixed that glitch within two hours. Facebook uses a Bug Bounty program to encourage hackers to report rather than exploit any uncovered weaknesses. Now five years old, Facebook has paid over five million dollars in “bounties” through the program.

Editors' Recommendations

Topics
Hillary K. Grigonis
Former Digital Trends Contributor
Hillary never planned on becoming a photographer—and then she was handed a camera at her first writing job and she's been…
Bluesky barrels toward 1 million new sign-ups in a day

Social media app Bluesky has picked nearly a million new users just a day after exiting its invitation-only beta and opening to everyone.

In a post on its main rival -- X (formerly Twitter) -- Bluesky shared a chart showing a sudden boost in usage on the app, which can now be downloaded for free for iPhone and Android devices.

Read more
How to make a GIF from a YouTube video

Sometimes, whether you're chatting with friends or posting on social media, words just aren't enough -- you need a GIF to fully convey your feelings. If there's a moment from a YouTube video that you want to snip into a GIF, the good news is that you don't need complex software to so it. There are now a bunch of ways to make a GIF from a YouTube video right in your browser.

If you want to use desktop software like Photoshop to make a GIF, then you'll need to download the YouTube video first before you can start making a GIF. However, if you don't want to go through that bother then there are several ways you can make a GIF right in your browser, without the need to download anything. That's ideal if you're working with a low-specced laptop or on a phone, as all the processing to make the GIF is done in the cloud rather than on your machine. With these options you can make quick and fun GIFs from YouTube videos in just a few minutes.
Use GIFs.com for great customization
Step 1: Find the YouTube video that you want to turn into a GIF (perhaps a NASA archive?) and copy its URL.

Read more
I paid Meta to ‘verify’ me — here’s what actually happened

In the fall of 2023 I decided to do a little experiment in the height of the “blue check” hysteria. Twitter had shifted from verifying accounts based (more or less) on merit or importance and instead would let users pay for a blue checkmark. That obviously went (and still goes) badly. Meanwhile, Meta opened its own verification service earlier in the year, called Meta Verified.

Mostly aimed at “creators,” Meta Verified costs $15 a month and helps you “establish your account authenticity and help[s] your community know it’s the real us with a verified badge." It also gives you “proactive account protection” to help fight impersonation by (in part) requiring you to use two-factor authentication. You’ll also get direct account support “from a real person,” and exclusive features like stickers and stars.

Read more