Researcher Nets $12.5k Reward For Discovering Facebook Photo Deletion Bug

This week a white hat hacker collected a reward from Facebook’s bug bounty program – and a tidy $12,500 it was too – for discovering a bug that would let hackers delete any photo from Facebook. The mechanics of this bug involved changing a few parameters in a URL related to Facebook’s support dashboard, and reporting a photo for deletion to Facebook.

You can read more about how this particular bug was exploited on Arul Kumar’s blog (the white hat who reported the flaw), but the gist of it is that by changing a pair of numbers in the link’s URL, Kumar said he could take down any Facebook photo, from any user — regardless of who that photo actually belonged to, and whether or not that photo had ever actually been reported.

Facebook has now fixed the flaw, but this should serve as a reminder that the information we post and store on social networks is only as safe as the networks themselves choose to make it, and there are people out there who will try to wreak havoc in our digital lives. This is yet another example of how vulnerable our data can be, and that keeping a local copy of your social content is the only way to really take control of your data.

One such way is to use SocialSafe to download your social content to your own machine, giving you a local copy of all your photos, comments, messages, posts and memories. Find anything you’ve ever said, safe in the confidence that whatever misfortune may befall the original copies on the host networks, you’ve still got access to your whole story, whenever you want it.


  1. Technology isn’t perfect. I think it’s important to have redundancies in place because there is no singular way to ensure anything is safely stored anywhere.

    1. Hi Terri,

      We completely agree, and that is why we do what we do! By giving our users a way to back up their content to their own machines, we give them the control to look after their own data.

      Obviously accidents can happen, but by having a copy of your own data and choosing exactly how and where you store it removes any risk of a third-party (eg the networks themselves, or a cloud backup service) not treating it with the same level of care that you would if you held the data yourself.

      Slightly off topic, but I’ve just noticed your comment on one of our YouTube videos about Instagram Video backup, which I have replied to. Please feel free to drop me an email on andy@socialsafe.net and we can talk about your question in more detail.

      Thanks for reading our blog and for taking the time to join the discussion 🙂

      – Andy

Comments are closed.