A British man has been given a $20,000 reward from Facebook after finding a bug, which if left undetected could have left users’ accounts exposed to hackers.
Jack Whitton who is a security researcher, discovered the flaw within Facebook’s text messaging system.
Mr Whitton, aged 22, has been thanked by Facebook and placed on the hall of fame for “responsible disclosures”.
The social network encourages experts to report any bugs to them, rather to cybercriminals. To make it worth their while, they offer rewards of various amounts depending on how severe the flaw is. The more exploitable the bug, the more you get.
In a statement Facebook said, “Facebook’s White Hat programme is designed to catch and eradicate bugs before they cause problems. Once again, the system worked and we thank Jack for his contribution.”
Mr Whitton had found a bug that allowed him to spoof Facebook’s text message verification system into sending a password reset code for an account that was not his own. Using this, he could go to Facebook, reset a user’s password and access the account.
“This security flaw is terrible. It should never have existed. It’s a gaping hole, thank goodness it’s closed now. We are really relying on the goodwill of researchers.”
Jack Whitton who is a security researcher, discovered the flaw within Facebook’s text messaging system.
Mr Whitton, aged 22, has been thanked by Facebook and placed on the hall of fame for “responsible disclosures”.
The social network encourages experts to report any bugs to them, rather to cybercriminals. To make it worth their while, they offer rewards of various amounts depending on how severe the flaw is. The more exploitable the bug, the more you get.
In a statement Facebook said, “Facebook’s White Hat programme is designed to catch and eradicate bugs before they cause problems. Once again, the system worked and we thank Jack for his contribution.”
Mr Whitton had found a bug that allowed him to spoof Facebook’s text message verification system into sending a password reset code for an account that was not his own. Using this, he could go to Facebook, reset a user’s password and access the account.
Facebook Should Be Extremely Grateful
Graham Cluley, a security expert, said that the Facebook bug would have been of great interest to cybercriminals and Facebook should be “extremely grateful” that Mr Whitton had decided to report it to them.“This security flaw is terrible. It should never have existed. It’s a gaping hole, thank goodness it’s closed now. We are really relying on the goodwill of researchers.”