Researcher calls it a hawk-eye bug…
Facebook has paid a security researcher $2,500 for reporting an information disclosure bug that took him less than 3 minutes to find, without the testing, proof of concept, and other time-consuming processes. The vulnerability was exposing details of Facebook page administrators through a new feature that Facebook was testing.
In his report, security researcher Mohamed Baset says that he received a message from the social network inviting him to like a page that he had previously visited and liked a post on. He hadn’t liked the page itself; through this feature, Facebook was enabling page admins to invite visitors who had interacted with some of their page content but hadn’t liked the page yet.
A simple “show original” on this invitation email allowed Baset to see that Facebook was exposing page administrators’ details. Going through the email’s source code, he saw that it included the name along with other details of the page administrator.
While this bug wasn’t a devastating, mind-blowing discovery, Baset describes it as an error. Facebook informed him that he will be receiving $2,500 for this information disclosure issue, which took Baset a couple of minutes to find thanks to the simple “show original” drop-down menu option in email.
This latest Facebook bug report proves that hackers need not only technical skills but, more often than not, also a hacking and hunting mentality that allows them to spot problems in obvious but easy-to-miss places.
Facebook constantly attracts the attention of the white hat hacking community; the social network giant recently announced that it paid over $880,000 in bug bounties not too long ago, bringing its total rewards to substantially more than $6,300,000.