Researcher wins $55,000 for "Login with Facebook" hack

Filip TRUȚĂ

March 11, 2020

Facebook’s bug bounty program has yielded a hefty paycheck to a researcher from India who discovered a serious security flaw in the platform.

In December last year, Amol Baikar was tinkering with the “Login with Facebook” feature when he discovered that he could hijack the OAuth flow and steal a user’s access tokens.

All an attacker had to do was to send the victim a malicious link, which the unwary recipient would (theoretically) click. With the access tokens in hand, the attacker would be able to take over the user’s account.

Facebook acknowledged the issue within a few hours of Baikar submitting the bug report. On December 16, the social network silently pushed out a fix.

“I’m very glad that I’m part of this responsible disclosure to Facebook and joyous to achieve my goal successfully,” the researcher wrote on his blog.

“We’ve fixed the issue and haven’t seen any evidence of abuse,” Facebook told SecurityWeek. “We’re grateful for this researcher’s help to keep our platform safe.”

Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
