A UK based security researcher got an unexpected return that too from Facebook for his discovery of a bug that hackers could’ve used to compromise user data.
Jack Whitton, a Security Researcher found a way to hack into other users’ Facebook accounts without their knowledge, simply by sending a text message to Facebook.
The flaw was in a Facebook facilty of allowing users to log in by their registered number instead of username.
For activation user needs to send a text message to Facebook, then authorization code is sent by Facebook to the number as sole tie up.
Whitton found a way to tweak Facebook’s authorization code to make it work with other users accounts as well. We’ve reached out to Facebook for comment and will update if we hear back.
Whitton gave news of this bug to Facebook on May 23, and Facebook fixed it five days later, paying him with a bounty of $20,000 and included his name on list of “white hats,” researchers who find bugs and inform vendors instead of making misuse of it.