The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: facebook vulnerability

Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts

Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts

November 21, 2018Mohit Kumar
Here we have great news for all bug bounty hunters. Now you can get paid up to $40,000 for finding and responsibly reporting critical vulnerabilities in the websites and mobile applications owned by Facebook that could allow cyber attackers to take over user accounts. In the latest post published Tuesday on the Facebook page, the social networking giant announced that it has raised the monetary reward for account takeover vulnerabilities to encourage security researchers and bug bounty hunters in helping Facebook to fix high impact issues before nefarious hackers exploit them. The announcement says: Cybersecurity researchers who find security vulnerabilities in any products owned by Facebook , including Instagram , WhatsApp , and Oculus , that can lead to a full account takeover, including access tokens leakage or the ability to access users' valid sessions, will be rewarded an average bounty of: $40,000 reward—if user interaction is not required at all $25,000 reward—
Another Facebook Bug Could Have Exposed Your Private Information

Another Facebook Bug Could Have Exposed Your Private Information

November 13, 2018Swati Khandelwal
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk. Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered queries. According to Imperva researcher Ron Masas, the page that displays search results includes iFrame elements associated with each outcome, where the endpoint URLs of those iFrames did not have any protection mechanisms in place to protect against cross-site request forgery (CSRF) attacks. It should be noted that the newly reported vulnerability has already been patched, and unlike previously disclosed flaw in Facebook that exposed personal information of 30 million users , it did not allow attackers to extract information from mass accounts at once. How Does the Facebo
Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

September 28, 2018Swati Khandelwal
Logged out from your Facebook account automatically? Well you're not alone… Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts. UPDATE:  10 Important Updates You Need To Know About the Latest Facebook Hacking Incident . In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident. The vulnerability, whose technical details has yet not been disclosed and now patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile. According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private in
Another Facebook Bug Allowed Anyone to Delete Your Photos

Another Facebook Bug Allowed Anyone to Delete Your Photos

November 27, 2017Swati Khandelwal
If you think a website whose value is more than $500 billion does not have any vulnerability in it, then you are wrong. Pouya Darabi, an Iranian web developer, discovered and reported a critical yet straightforward vulnerability in Facebook earlier this month that could have allowed anyone to delete any photo from the social media platform. The vulnerability resides in Facebook's new Poll feature, launched by the social media giant earlier this month, for posting polls that include images and GIF animations. Darabi analyzed the feature and found that when creating a new poll, anyone can easily replace the image ID (or gif URL) in the request sent to the Facebook server with the image ID of any photo on the social media network. Now, after sending the request with another user image ID (uploaded by someone else), that photo would appear in the poll. "Whenever a user tries to create a poll, a request containing gif URL or image id will be sent, poll_question_data[
Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook

Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook

October 30, 2017Mohit Kumar
While scrolling on Facebook how you decide which link/article should be clicked or opened? Facebook timeline and Messenger display title, description, thumbnail image and URL of every shared-link, and this information are enough to decide if the content is of your interest or not. Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them. But yes, the possibility of opening an article is much higher when the content of your interest comes from a legitimate and authoritative website, like YouTube or Instagram. However, what if a link shared from a legitimate website lands you into trouble? Even before links shared on Facebook could not be edited, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit title, description, thumbnail image of a link in July 2017. However, it turns out that—spammers can spoof URLs of the shared-links t
This Bug Could Allow Hackers to Delete Any Video On Facebook

This Bug Could Allow Hackers to Delete Any Video On Facebook

January 23, 2017Mohit Kumar
A security researcher has discovered a critical vulnerability in Facebook that could allow attackers to delete any video of the social networking site shared by anyone on their wall. The flaw has been discovered by security researcher Dan Melamed in June 2016, allowing him not only to remotely delete any video on Facebook shared by anyone without having any permission or authentication but also to disable commenting on the video of your choice. Here's how to exploit this flaw: In order to exploit this vulnerability, Melamed first created a public event on the Facebook page and uploaded a video on the Discussion part of the event. While uploading the video, the researcher tampered the POST request using Fiddler and then replace the Video ID value of his video with Video ID value of any other video on the social media platform. Although Facebook responded to this issue with a server error, i.e. " This content is no longer available, " but the new video was s
Facebook Bug Declares Millions of Users Dead, Including Zuckerberg!

Facebook Bug Declares Millions of Users Dead, Including Zuckerberg!

November 12, 2016Wang Wei
Last night, Facebook declared everyone dead, including the company's CEO Mark Zuckerberg, in a massive memorial 'remembering' profile glitch. Well, that's awkward. Despite being very much alive, Facebook users, when logged on to their accounts on Friday afternoon, found their accounts turned to a " memorialized account ," strongly suggesting that they are dead to everyone who visits their profile. A statement on Mark Zuckerberg's profile read: "We hope people who love Mark will find comfort in the things others share to remember and celebrate his life." When the message appeared, thousands of users shaken by the incident complained on Twitter about their premature digital deaths, offering their proof-of-life so that their concerned relatives could calm themselves down. This weird glitch was first spotted by Business Insider when several of its employees saw the message at the top of their Facebook profiles on Friday. When reached
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.