Skip to main content

Facebook Increases Bug Bounty Payout After Audit

posted onFebruary 9, 2018
by l33tdawg

In September 2017, security researcher Josip Franjković discovered an issue with Facebook’s partners portal, which leaked users’ email addresses. The bug was discovered after one of the researcher’s sites was approved to participate in the Free Basics project by Facebook.

What the researcher discovered was a medium-high impact privacy bug where adding a new admin user would leak their email address in subsequent notification emails.

Basically, for a newly added admin, the notifications emails would contain the admin's primary Facebook email through a parameter in one of the links, the security researcher discovered. To reproduce the bug, one would simply head to the Settings section at https://partners.facebook.com/fbs/settings/, add a name, and enter an email they control in the email field.

Source

Tags

Facebook Security

You May Also Like

Recent News

Monday, May 21st

Thursday, May 17th

Monday, May 14th

Tuesday, May 8th

Saturday, May 5th

Thursday, May 3rd

Wednesday, May 2nd