This week a white hat hacker collected a reward from Facebook’s bug bounty program – and a tidy $12,500 it was too – for discovering a bug that would let hackers delete any photo from Facebook. The mechanics of this bug involved changing a few parameters in a URL related to Facebook’s support dashboard, and reporting a photo for deletion to Facebook.
You can read more about how this particular bug was exploited on Arul Kumar’s blog (the white hat who reported the flaw), but the gist of it is that by changing a pair of numbers in the link’s URL, Kumar said he could take down any Facebook photo, from any user — regardless of who that photo actually belonged to, and whether or not that photo had ever actually been reported.
Facebook has now fixed the flaw, but this should serve as a reminder that the information we post and store on social networks is only as safe as the networks themselves choose to make it, and there are people out there who will try to wreak havoc in our digital lives. This is yet another example of how vulnerable our data can be, and that keeping a local copy of your social content is the only way to really take control of your data.
One such way is to use SocialSafe to download your social content to your own machine, giving you a local copy of all your photos, comments, messages, posts and memories. Find anything you’ve ever said, safe in the confidence that whatever misfortune may befall the original copies on the host networks, you’ve still got access to your whole story, whenever you want it.