A Facebook bug that would have let anyone delete ANY video

Fiction has dragon killers; reality has bug hunters. And judging by the size of the bounties Facebook and its friends are offering, I would say that both businesses are almost equally profitable. The bug bounty program is worth every penny for Facebook, however, as was recently emphasized when a bug that could have let anyone delete any video was discovered.
The bug was discovered by security researcher Dan Melamed, who disclosed it to Facebook and received $10,000 for his efforts. Apparently, the bug was easy enough to use that anyone with some basic technical know-how could have operated it.

Basically, you needed to create a random Facebook event page. Once done, you would simply upload a random video to the page. A browser tool would then be needed to replace the Video ID of the video being uploaded with the Video ID of the video to be deleted. Considering that the Video ID is available in the address bar, it doesn’t take rocket science to figure this part out.
Finally, tap on “Delete Post”, and instead of the crappy video you were uploading, you could have removed a popular music video from that new band with 1 million likes. As simple as that! This bug could also have allowed a user to switch comments on or off on a particular video without its publisher’s permission.
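
The steps above describe a server acting on a video ID taken from the request without confirming that the requester owns that video. As an added example (not Facebook's code; the `Store` class, its methods and the sample users are hypothetical, and the root cause is assumed from the description), this in-memory model shows the unchecked reference beside a server-side ownership check:

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when a caller references an object they do not own."""

@dataclass
class Store:
    videos: dict = field(default_factory=dict)   # video_id -> owner
    posts: dict = field(default_factory=dict)    # post_id -> (author, video_id)
    _next_post: int = 1

    def attach_unchecked(self, user, video_id):
        # Weak form: the video id from the request is stored as-is.
        return self._new_post(user, video_id)

    def attach_checked(self, user, video_id):
        # Hardened form: the referenced video must exist and belong to the caller.
        if self.videos.get(video_id) != user:
            raise Forbidden(f"{user} does not own video {video_id}")
        return self._new_post(user, video_id)

    def _new_post(self, user, video_id):
        post_id = self._next_post
        self._next_post += 1
        self.posts[post_id] = (user, video_id)
        return post_id

    def delete_post(self, user, post_id, check_video_owner):
        author, video_id = self.posts[post_id]
        if author != user:
            raise Forbidden(f"{user} is not the author of post {post_id}")
        # Defense in depth: re-check ownership before the cascading delete.
        if check_video_owner and self.videos.get(video_id) != user:
            raise Forbidden(f"{user} does not own video {video_id}")
        del self.posts[post_id]
        self.videos.pop(video_id, None)

def demo():
    """Return whether bob's video survives under each policy (constructed data)."""
    results = {}
    for name, checked in (("unchecked", False), ("checked", True)):
        s = Store(videos={"v-alice": "alice", "v-bob": "bob"})
        try:
            attach = s.attach_checked if checked else s.attach_unchecked
            s.delete_post("alice", attach("alice", "v-bob"), checked)
        except Forbidden:
            pass
        results[name] = "v-bob" in s.videos
    return results
```

The check is made against server-side records at both the attach step and the delete step, so a reference that slipped through one path is still caught before anything is removed.
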
This particular bug reminds one of another bug that let users delete images. These kinds of bugs are often caused by the sheer size of Facebook’s databases. It gets very hard to find and head off such errors from the code itself, which leads to these bug bounty programs and the like, which have tech geeks diving deep and coming back up with these bugs.
Meanwhile, the bug was reported last year, and Facebook appears to have fixed it within a month or so of it being discovered. This just goes to show that loopholes exist everywhere, even in Facebook’s seemingly infallible programming, and discovering those loopholes can be pretty damn profitable.
