+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A security flaw in Facebook could have let hackers access your private photos

Mar 20, 2015, 19:38 IST

A security researcher has uncovered a flaw in Facebook that allowed apps to access and store photos that were meant to remain private, The Register reports.

Advertisement

Laxman Muthiyah found that any app could get access to private photos by exploiting a weakness in Facebook's API and pretending to be an app that is actually meant to view the photos.

Facebook has already patched the vulnerability, reportedly closing the security hole in 30 minutes by whitelisting official apps that are meant to have access, blocking those that could have used the site's vulnerability to gain access to images they weren't supposed to.

Here's how Muthiyah described the vulnerability:

There are large numbers of Facebook applications which uses user_photos permission to read user's public photos. A malicious app which you are using can read all of your private photos in few seconds.

Advertisement

The problem of malicious apps accessing photos that are meant to remain private is one that has existed for a long time, and not just on Facebook. Last year, a Snapchat client was discovered to have been storing private photos and videos, and its database of images was hacked and posted online.

One reason why security researchers spend so long hunting for bugs in Facebook is the fact that it offers large cash rewards. Muthiyah received a $10,000 reward for his research.

Here's the message that Muthiyah received after Facebook fixed the flaw:


NOW WATCH: 14 things you didn't know your iPhone headphones could do

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article