Facebook is becoming a must-use social networking tool nowadays, so much so that almost everyone is already using it on a daily basis.
Fortunately, Facebook is taking privacy and security seriously, even launching a whitehat bug bounty program a couple of years ago to encourage security researchers to disclose vulnerabilities on the social network.
Today, Facebook is thanking a 21-year old Arul Kumar, an electronics and communications engineer, who exposed a vulnerability that lets users delete Facebook images without the consent of the victim.
The flaw, Kumar says, has something to do with Facebook's Support Dashboard, a portal that allows users to track reports sent to Facebook. Users can also use the portal to check if their reports have been reviewed by Facebook employees.
Kumar explains that if a reported photo on the Support Dashboard was not removed by Facebook, the hacker can then optionally send a Photo Removal Request to the victim. During this phase, Facebook will automatically send a message to the victim with a photo removal link. Once the victim accidentally clicks the link, the photo will be removed, he adds.
However, Kumar says that the vulnerability is only found on the mobile version of the Support Dashboard. Kumar then submitted a report to Facebook and followed the guidelines on the whitehat bug bounty program.
Using a video to explain the bug, Facebook security engineers acknowledged the vulnerability and offered Kumar a payout of $12,500 via PayPal or Western Union.