SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
28 Nov 2017

Newly discovered Facebook bug allowed anyone to delete your photos with a poll

New features in software always bring bugs. Still, some are worse than others.

When Facebook rolled out its new polling feature earlier this month, which allows people to post votable questions on anything from what to have for dinner to what dress to wear at a prom dance, it also inadvertently opened the door for hackers to delete any picture on the network.

Security researcher Pouya Darabi discovered this bug in early November. When someone created a poll, he found, it would send a request to Facebook servers that included a unique ID for the picture or GIF included. At that point, as Darabi explains in a blog post, he could replace that ID with the ID of any other picture on the network, even ones other people had uploaded. That way, the poll he’d created would include other people’s pictures, even ones that are not set to public.

Then, when he deleted his own poll, the image included (the one taken from someone else's page) was completely deleted from Facebook—and not just from the poll. It’s unclear how Darabi could obtain the ID of other people’s photos, but it’s possible that all a malicious hacker had to do was to guess a random number until he or she got an image.

Facebook quickly fixed the bug after Darabi reported it, according to the researcher. For his discovery, Facebook rewarded Darabi with $10,000, he said. In an email to Motherboard, Facebook confirmed the researcher's story. This is not the first time independent security researchers have found such bugs in Facebook. In 2015, another researcher found one that allowed him to delete any picture on the site. Others have found similar bugs to delete comments and videos. All these have been fixed.

And, of course, awful bugs aren’t just on Facebook. Last month, a security researcher found that he could access a list of all Google’s bugs without any authorization, opening the door for malicious hackers to get advance notice of critical vulnerabilities on Google, which they could have used to their advantage before the bugs were fixed.

Download SafeUM — communicate privately, without advertising and spam.

Tags:
Facebook information leaks
Source:
Motherboard
329
Other NEWS
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
17 May 2018 safeum news imgage US cell carriers are selling access to your real-time phone location data
16 May 2018 safeum news imgage Australia looking into claim Google harvests data while consumers pay
15 May 2018 safeum news imgage Hacking train Wi-Fi may expose passenger data and control systems
15 May 2018 safeum news imgage Huge new Facebook data leak exposed intimate details of 3m users
All news
SafeUM
Confidential Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015