Skip to main content

Facebook Increases Bug Bounty Payout After Audit

posted onFebruary 9, 2018
by l33tdawg
Credit:

In September 2017, security researcher Josip Franjković discovered an issue with Facebook’s partners portal, which leaked users’ email addresses. The bug was discovered after one of the researcher’s sites was approved to participate in the Free Basics project by Facebook.

What the researcher discovered was a medium-high impact privacy bug where adding a new admin user would leak their email address in subsequent notification emails.

Basically, for a newly added admin, the notifications emails would contain the admin's primary Facebook email through a parameter in one of the links, the security researcher discovered. To reproduce the bug, one would simply head to the Settings section at https://partners.facebook.com/fbs/settings/, add a name, and enter an email they control in the email field.

Source

Tags

Facebook Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th