Hacker finds Facebook security flaw
A white-hat hacker discovered a security flaw in a Facebook server containing staff details, managing to gain access to usernames and passwords.
A hacker discovered a vulnerability in Facebook’s server, which would allow for a backdoor to be opened and staff usernames and passwords to be extracted.
Orange Tsai is the exploit hunter in question; he discovered the vulnerability back in February and turned the details over to Facebook’s security team. As a result, the issue has since been fixed. Of course, he benefitted as a result of discovering the issue. Apparently, he was rewarded with $10,000 for his efforts.
Facebook security engineer, Reginaldo Silva, revealed that the backdoor was added by another bounty hunting security researcher. Silva said that this was not a malicious attack.
"Neither of them were able to compromise other parts of our infrastructure, so the way we see it, it's a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access," they added.