Social networking giant Facebook has had to pay $15,000 to a third-party security researcher who came up with a simple way of resetting the password of any account on the social network. The glitch he discovered allowed complete access to any profile and would have been a disaster if the company had not nipped it in the bud with a settlement.
The glitch was discovered by developer Anand Prakash from Bangalore, Karnataka, India. It was later abused by an actor, as described in the user's blog. The glitch he discovered is not a direct one: a brute-force attack to determine the password of another account, which is blocked on Facebook's own servers, can still be carried out on the Facebook Beta portal.
Prakash discovered that the code protecting the network's accounts from brute-force attacks was not running on the beta platform, which can be accessed at beta.facebook.com. The beta platform, for those who are not aware, is where most of the social network's new features are tested before they are rolled out on the main site.
The bug has been settled by Facebook and you don't have to worry about your account being compromised, but it does raise another question: is the beta version now free of bugs, or are there more out there yet to be discovered, or worse, already discovered without Facebook's knowledge? Also, why hasn't Facebook taken better security measures to bug-proof the beta platform?