Hacker finds vulnerability in Facebook, can delete your photo albums


Like it or not, Facebook has become almost ubiquitous in today's world. Most people you know, both young and old, are on there. Worse, some folks keep memories of their lives stored on the service, including precious photos that, in some cases, may not be backed up in any way. It feels safe; after all, Facebook wouldn't lose them, right? Not so fast.

This is less about Facebook losing them (I'm sure it has backups) and more about a third party taking them away. That sounds scary, but a security researcher has proven it's possible. Laxman Muthiyah posted his findings along with details of how the exploit works.

Essentially, he used the Graph API to delete first his own album and then that of a "victim". Facebook claims this isn't possible, but the opposite is the case, and the proof is posted for everyone to see. The token generated should grant only limited access; however, generating a token for the mobile version of the social network changed things.

"The album got deleted! So I got the key to delete all of your Facebook photos", Muthiyah calmly states. Of course he won't do this; he's only proving a point. But that point should be acted upon quickly by the service because, now that it's out there, someone will certainly begin using it "just for fun", right?

Well, no. Fortunately, it has been fixed, so there is no longer any need to worry about it. Facebook also awarded Mr. Muthiyah $12,500 for finding the flaw. Kudos for acting quickly.
