HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
Filip TRUTA @FilipTrout
Industry News

Researcher wins $55,000 for ‘Login with Facebook’ hack

March 11, 2020
1 Min Read

Facebook’s bug bounty program has yielded a hefty paycheck to a researcher from India who discovered a serious security flaw in the platform.

In December last year, Amol Baikar was tinkering with the “Login with Facebook” feature when he discovered that he could hijack the OAuth flow and steal a user’s access tokens.

All an attacker had to do was to send the victim a malicious link, which the unwary recipient would (theoretically) click. With the access tokens in hand, the attacker would be able to take over the user’s account.

Facebook acknowledged the issue within a few hours of Baikar submitting the bug report. On December 16, the social network silently pushed out a fix.

“I’m very glad that I’m part of this responsible disclosure to Facebook and joyous to achieve my goal successfully,” the researcher wrote on his blog.

“We’ve fixed the issue and haven’t seen any evidence of abuse,” Facebook told SecurityWeek. “We’re grateful for this researcher’s help to keep our platform safe.”

Tags: facebook, login with facebook, OAuth, oauth 2.0, social network


About the author


Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.