Indian Engineer Discovers Bug That Allows Facebook Photos To Be Deleted, Receives $12.5K Reward

Who says Facebook doesn’t pay out bounties when bugs are reported? Arul Kumar, an electronics and communications engineer from Tamil Nadu in India, is $12,500 richer after reporting a bug that allowed users to delete photos from Facebook via the social network’s support dashboard.

Who says Facebook doesn’t pay out bounties when bugs are reported? Arul Kumar, an electronics and communications engineer from Tamil Nadu in India, is $12,500 richer after reporting a bug that allowed users to delete photos from Facebook via the social network’s support dashboard.

Facebook Security eliminated the bug, which worked via the photo removal request feature in the social network’s support dashboard. Kumar described in a blog post how he was able to manually alter the user IDs of the sender and receiver of photo removal requests, with two Facebook accounts logged in simultaneously, adding that once the account that was designated as the photo owner received the removal request, photos could be deleted immediately, and the users who posted those photos would be none the wiser.

In a development similar to the case of Palestinian information system expert Khalil Shreateh, whose bug report to Facebook’s white hat program was rejected,...

AW+

WORK SMARTER - LEARN, GROW AND BE INSPIRED.

Spring Special

Save 30% Off an ADWEEK Subscription Today!

View Your Options

Already a member? Sign in