$20,000 bug
Frequently Asked Questions about this Article…
A British security researcher, Jack Whitton, uncovered a Facebook security bug that allowed him to take over someone else’s account by resetting a user’s password via text message. Facebook rewarded him $20,000 for reporting the issue.
Jack Whitton is a British security researcher who found an exploit in Facebook’s systems that enabled password resets via text message, a flaw that could be used to take over accounts.
According to the report, the exploit allowed an attacker to reset a user’s password using text message verification, and the vulnerability could have compromised millions of Facebook profiles.
Facebook paid the researcher a $20,000 bounty after he reported the vulnerability, indicating that the company acknowledged the issue.
In this instance, Facebook paid $20,000 to a researcher who responsibly disclosed a security flaw. Such payments reward individuals who find and report vulnerabilities so companies can fix them before they are abused.
Security flaws can affect user trust and a company’s reputation, so investors often watch such incidents. This article reports a serious exploit that could have affected millions, and that context may be relevant when assessing company risk.
Yes — the reported exploit enabled password resets via text message, which could let an attacker take over accounts. The article notes the flaw could have compromised millions of profiles, making it a potentially serious security issue.
The article summarizes that Jack Whitton found the exploit and Facebook paid a $20,000 reward; you can follow the original news link cited in the report for more details.

