Jack Whitton, a UK-based security researcher, discovered a flaw in Facebook’s text messaging system. Instead of exploiting the flaw, Jack reported it to Facebook, and Facebook rewarded him with $20,000. The size of the reward shows how serious the flaw was.
The bug allowed a hacker to trick Facebook’s text message verification system into sending a password reset code for any account, thus giving the hacker access to any account on Facebook. Facebook has since fixed the bug. If you are interested, visit Jack Whitton’s website to find out more.
Facebook is not the only site that encourages developers to report flaws. Many companies, such as Google and Microsoft, have similar schemes. The reward amounts vary depending on the severity of the flaw.
It is lucky for Facebook that the flaw was discovered by a white hat hacker. Can you imagine the damage if someone had exploited that flaw for malicious purposes?