Skip to main content

Facebook Increases Bug Bounty Payout After Audit

posted onFebruary 9, 2018
by l33tdawg

In September 2017, security researcher Josip Franjković discovered an issue with Facebook’s partners portal, which leaked users’ email addresses. The bug was discovered after one of the researcher’s sites was approved to participate in the Free Basics project by Facebook.

What the researcher discovered was a medium-high impact privacy bug where adding a new admin user would leak their email address in subsequent notification emails.

Basically, for a newly added admin, the notifications emails would contain the admin's primary Facebook email through a parameter in one of the links, the security researcher discovered. To reproduce the bug, one would simply head to the Settings section at https://partners.facebook.com/fbs/settings/, add a name, and enter an email they control in the email field.

Source

Tags

Facebook Security

You May Also Like

Recent News

Monday, February 19th

Thursday, February 15th

Tuesday, February 13th

Monday, February 12th

Sunday, February 11th

Saturday, February 10th