On January 27, 2015, Facebook was down, leaving millions around the world unable to post updates or comments. Lizard Squad, a group notorious for attention-seeking antics online, claimed responsibility on Twitter for the Facebook outages. Facebook denied any hack, saying that the disruption was caused by a technical change and was not a cyber-attack.
On February 10, 2015, a security researcher, Laxman Muthiyah, claimed to have hacked into Facebook's developer platform using the Graph API. He said the application allowed him to delete any person's photos or albums on the social network without their permission. The photos of brands and public figures, and those of people who have not locked down their privacy settings, could be wiped out without warning. This bug would have brought serious legal issues against Facebook if exploited by Laxman, and this might have led to total breakdown.
Laxman Muthiyah tested the application with a guinea pig account, and was able to easily remove its photos. “OMG : D the album got deleted!” Muthiyah wrote on his website. “So I got access to delete all of your Facebook photos (photos which are public or photos I could see) :P lol :D”.
Meanwhile, Facebook reportedly reached out to Naked Security to clarify Laxman Muthiyah's claim. Naked Security affirmed that he had actually figured out a way to trick the social network into thinking he was the owner of the photos, letting him delete them without warning using the application.
Muthiyah, however, reported the security breach to Facebook, and it was fixed in just two hours. Facebook publicly thanked him on the website and also gave Muthiyah US$12,500 as a bounty for finding the bug.
Further Reading: Laxman's Website