Lumension® Endpoint Intelligence Center

Crusty API opened Facebook accounts to hijacking


The Register - (International) A security researcher revealed that a legacy Facebook API allowed an attacker who knew a user's ID to make REST API calls on that user's behalf, letting the attacker update statuses, like content, and upload or delete photos. The flaw was reported to Facebook in April and fixed, earning the researcher $20,000 through Facebook's bug bounty program.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:20:53