Your Private Email Address Can Be Revealed By This Facebook Hack
Last week Facebook had cause for worry, and the reason was Tommy DeVoss. DeVoss is a Facebook bug bounty hacker, and he received $5,000 from Facebook for reporting how he had broken its security and was able to see the private e-mail addresses of Facebook users.
Tommy DeVoss said that he doesn’t care about users’ privacy and that he could get the private e-mail address of any Facebook user he wanted. He reported this security weakness to Facebook on Thanksgiving Day through its bug bounty program. Facebook said, “Soon after the authentication of the bug and weakness of the security, on the previous Tuesday we gave $5,000 to Tommy DeVoss.”
DeVoss revealed that the bug was in the user-created Facebook Groups feature, which lets any Facebook user create their own group. He said that, as the owner of a group, he could invite any Facebook user, accept requests from users who wanted to join the group, and edit any post in the group.
According to Facebook's settings, you can invite users to your group directly, and you can also send invitations to Facebook users by using the e-mail addresses linked to their Facebook accounts. He was also able to access the private e-mail addresses of users who were not in his friend list. He also said that, according to Facebook's privacy settings, you can keep your e-mail address private, but your privacy is also handled by Facebook.
He also said that he located the bug while he was adding the pending requests of users to whom he had sent a request to join the group. When requests are cancelled, users are sent to the Page Roles tab, which contains a button for cancelling the request. After visiting the mobile view of the Page Roles tab, he was able to see the entire private e-mail addresses of the Facebook users he wanted to remove from the group. After cancellation, he was forwarded to a page that contained the e-mail address in the URL. Then he removed the plaintext version from the URL.
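A defender-side check for the symptom described above, a post-cancellation redirect whose URL carries an e-mail address. This is an added example, not code from Facebook or DeVoss: it scans redirect targets for addresses, including percent-encoded and double-encoded ones. The "STATUS URL" log format, the host names and the parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def _decode(value, rounds=3):
    """Percent-decode repeatedly so %40 and double-encoded %2540 both become '@'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def emails_in_url(url):
    """Return a sorted list of (location, address) pairs found in a URL."""
    parts = urlsplit(url)
    findings = set()
    for segment in parts.path.split("/"):
        for addr in EMAIL_RE.findall(_decode(segment)):
            findings.add(("path", addr.lower()))
    # parse_qsl decodes once; _decode catches values that were encoded twice.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        for addr in EMAIL_RE.findall(_decode(value)):
            findings.add(("query:" + key, addr.lower()))
    for addr in EMAIL_RE.findall(_decode(parts.fragment)):
        findings.add(("fragment", addr.lower()))
    return sorted(findings)

def audit_redirects(log_lines):
    """From 'STATUS URL' lines, report 3xx targets that carry an e-mail address."""
    report = []
    for line in log_lines:
        status, _, url = line.strip().partition(" ")
        if status.startswith("3"):
            hits = emails_in_url(url)
            if hits:
                report.append((url, hits))
    return report

# Constructed sample data (hypothetical hosts and parameter names).
SAMPLE_LOG = [
    "302 https://social.example/groups/123/invites?cancelled=alice%40mail.example&ref=roles",
    "302 https://social.example/groups/123/invites?cancelled=bob%2540mail.example",
    "302 https://social.example/groups/123/members",
    "200 https://social.example/help?contact=support@social.example",
]
```

URLs flagged this way also end up in browser history, proxy logs and Referer headers, which is why identifiers such as e-mail addresses are better kept out of redirect targets.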
Facebook is now all set to remove the bug from these privacy and security features. If this continues, it will damage the reputation of Facebook, the most used social networking site. In an interview with Threatpost, DeVoss said that he received a leading payment under this bug bounty program.
Facebook said that it announced the biggest bug bounty program five years ago and has given more than $5 million to 900 associates. It added that in the first half of 2016 it gave approximately $611,741 to 149 associates.