Stephen Sclafani, a security researcher, has discovered a critical security vulnerability in the social networking giant Facebook that allowed him to hack any Facebook account.
"A misconfigured endpoint allowed legacy REST API calls to be made on behalf of any Facebook user using only their user ID," Stephen explained in his blog.
The Facebook REST API is said to be the predecessor of Facebook’s current Graph API. He managed to send a request to the server using this API that would update a status on behalf of the victim.
Stephen found this bug on April 23 and reported it to Facebook. After being notified, Facebook permanently fixed the bug on April 30th. Facebook awarded him a $20,000 bounty for finding and reporting this bug.


Hi! I am Ajay Kumar Kalva, currently serving as the CEO of this site, a tech geek by passion, and a chemical process engineer by profession. I'm interested in writing articles regarding technology, hacking and pharma technology.