Facebook Fixes Bug That Would Have Allowed Hackers To Delete All Your Photos

By Kamal Nayan - 13 Feb '15 00:37AM

Recently a bug was discovered in Facebook that would have allowed hackers to arbitrarily delete photos by simply inserting the photo album's ID number.

A blogger named Laxman Muthiyah discovered the issue, which boiled down to a short HTTP request:

Request :-
DELETE /(Victim's_photo_album_id) HTTP/1.1
Host : graph.facebook.com
Content-Length: 245
access_token=(Your(Attacker)_Facebook_for_Android_Access_Token)

Simply by inserting the photo album's ID number, one could delete Facebook pictures that did not belong to them. The person on the other end would not have had any clue why their pictures were suddenly deleted.

This was possible by exploiting Facebook's Graph API, the HTTP-based software that allows the website to function. The Graph API requires a token to mess with someone's data, but Muthiyah tricked Facebook, using his own token, into deleting other people's pictures, Mashable reported.
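The class of flaw described above, where a valid token is accepted without checking that its user owns the target album, can be shown with a small model. This Python sketch is an added example, not code from Facebook or from Muthiyah's write-up; the service, token values, album IDs and function names are all constructed for illustration.

```python
# Added illustration: a toy in-memory service, not Facebook's Graph API code.
# All names (TOKENS, handle_delete, ...) and sample data are hypothetical.

TOKENS = {"tok-alice": "alice", "tok-mallory": "mallory"}  # constructed tokens


def new_store():
    """Return a fresh album store: album id -> owner and photos."""
    return {
        "1001": {"owner": "alice", "photos": ["a1.jpg", "a2.jpg"]},
        "2002": {"owner": "mallory", "photos": ["m1.jpg"]},
    }


def handle_delete(albums, album_id, access_token, check_owner, audit):
    """Process DELETE /<album_id>; return an HTTP-style status code."""
    user = TOKENS.get(access_token)
    if user is None:
        return 401  # authentication failed: token is not valid
    album = albums.get(album_id)
    if album is None:
        return 404
    # Authorization: a valid token says who the caller is, not whether
    # the caller may act on this particular object.
    if check_owner and album["owner"] != user:
        audit.append(("denied", user, album_id, album["owner"]))
        return 403
    del albums[album_id]
    audit.append(("deleted", user, album_id, album["owner"]))
    return 200


def cross_owner_deletes(audit):
    """Detection helper: deletions where caller and owner differ."""
    return [e for e in audit if e[0] == "deleted" and e[1] != e[3]]


def demo():
    """Replay the same cross-user request against both variants."""
    results = {}
    for label, check in (("token_only", False), ("owner_checked", True)):
        albums, audit = new_store(), []
        status = handle_delete(albums, "1001", "tok-mallory", check, audit)
        results[label] = (status, "1001" in albums, len(cross_owner_deletes(audit)))
    return results


if __name__ == "__main__":
    print(demo())
```

With the owner check disabled, the other user's token deletes the album and the audit log records a cross-owner deletion; with it enabled, the request is refused and the album survives.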

For exposing the vulnerability, Muthiyah has been awarded a $12,500 bounty.

Facebook says the issue has been resolved.
