Security Professional uncovers FB Bug -Earns $20K

About the Facebook vulnerability that was uncovered

A British security researcher uncovered a security bug on Facebook that allowed anyone to take over another person's Facebook account via text message. The vulnerability could have compromised millions of profiles. The researcher reported the bug to Facebook with supporting evidence and earned a 20,000 USD reward from the social networking giant.

Jack Whitton, an application security engineer, discovered the bug on May 23rd. He found that he could trick Facebook into sending him the password reset code of any Facebook user, potentially allowing him to gain control of any Facebook account. The bug was fixed 5 days after it was reported to Facebook.

On his blog, Whitton describes how the bug could have harmed Facebook users: it allowed attackers to hijack any profile linked to a cell phone number. Facebook rewarded Whitton with 20K USD as part of its bug bounty program (a program that encourages white hat hackers to report such flaws responsibly).

More such opportunities for security professionals

If you are a security professional, this kind of security research can benefit both large corporations and you as a professional. Several big brands and companies such as Facebook, Microsoft and Google run bounty programs that encourage white hat hackers and security researchers to identify security bugs in their products and earn money for doing so. Let me know your thoughts on the same.