Facebook: On Recent Security Flaw, The Bug Bounty Reward


A security flaw on Facebook was discovered last month by a security researcher. The flaw was reported to the social media company, which in turn rewarded the researcher and has since fixed its system to solve the problem.


Times of India reports that the bug in the social networking site's security system was discovered by Anand Prakash. If exploited, the bug could be used to break into any Facebook account and access the user's messages, photos and just about anything else in the compromised account.

When an account is reset, the social media site sends a six-digit PIN to the user's phone; the PIN then acts as a temporary password while the account is reset. The social network cuts a user off after ten or 12 bad guesses; however, Prakash discovered that those protections were not in place on beta.facebook.com, where developers often try out new features that are not yet ready for Facebook.

Though the new features are not accessible on the main social media site, user accounts are accessible on the beta site. The missing guess limit there let Prakash flood the page with PIN guesses, which effectively let him break into any account he wanted, reports The Verge.
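The weakness described above is a guess limit that existed on one hostname but not another. As an added illustration (not Facebook's code), the following verifier keeps the failed-attempt budget keyed by account only, so every hostname that serves the reset flow shares a single counter; the ten-attempt cap, the hostnames and the audit log are assumptions for the example.

```python
import hmac
import secrets
from collections import defaultdict

MAX_ATTEMPTS = 10  # assumed cap; the article reports "ten or 12" bad guesses


class PinResetVerifier:
    """Password-reset PIN check with an account-wide attempt budget.

    The counter is keyed by account_id only, never by the serving host,
    so a beta or staging hostname cannot provide a fresh budget.
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._pins = {}                    # account_id -> issued PIN
        self._failures = defaultdict(int)  # account_id -> bad guesses
        self._locked = set()
        self.events = []                   # (account_id, host, outcome) for detection

    def issue_pin(self, account_id):
        """Issue a fresh six-digit PIN; failures are NOT reset, so re-requesting
        a PIN does not buy the caller more guesses."""
        pin = f"{secrets.randbelow(10**6):06d}"
        self._pins[account_id] = pin
        return pin

    def verify(self, account_id, host, guess):
        """Return (accepted, reason). The host is logged but never used as a key."""
        if account_id in self._locked:
            return self._record(account_id, host, False, "locked")
        issued = self._pins.get(account_id)
        if issued is None:
            return self._record(account_id, host, False, "no_pin")
        if hmac.compare_digest(issued, guess):   # constant-time comparison
            del self._pins[account_id]           # single-use PIN
            self._failures.pop(account_id, None)
            return self._record(account_id, host, True, "ok")
        self._failures[account_id] += 1
        if self._failures[account_id] >= self.max_attempts:
            self._locked.add(account_id)
            self._pins.pop(account_id, None)     # invalidate the PIN on lockout
            return self._record(account_id, host, False, "locked")
        return self._record(account_id, host, False, "wrong")

    def _record(self, account_id, host, accepted, reason):
        self.events.append((account_id, host, reason))
        return accepted, reason
```

The events list is what a detection rule would consume: a burst of "wrong" outcomes for one account across several hosts is the signal that a per-host limit alone would have missed.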


The bug was the result of a change deployed to the beta page a few days earlier and does not appear to have been exploited before Prakash discovered it. Instead of using it for his own ends, he reported the bug through Facebook's vulnerability page last Feb. 22.

This in turn earned Prakash $15,000 USD on March 2 under the social media company's bug bounty program, along with an acknowledgement mail from the company thanking him for his help in resolving the issue, reports The American Bazaar.

According to Threat Post, the social networking site told them that the dollar value of the discovery is huge by its standards. It is rare, and only a handful of researchers have managed to earn more under the American company's Bug Bounty Program.

The value of the award is based on the risk of the discovery, not its complexity. In this case, had Prakash not discovered and reported the bug, the change could have been integrated into Facebook.com, which could have enabled widespread attacks on users.

This makes the latest discovery one of the most dangerous bugs found so far. Facebook, which has also worked with Prakash before, said in a statement to Gizmodo that, "One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production. We're happy to recognize and reward Anand for his excellent report."
