Facebook gives UK man $20k for discovering security flaw

[Deleted member 651465]

This and when was this?

Few years ago, before your time.

I believe a poster knew who it was and tipped off OcUK in the end.

 

[estebanrey]

well it's not one it's potentially millions.

so

phone numbers
email accounts
personal details

from many probably enough to steal identities/make lists of emails or phone numbers to sell on to others.

There are tons of better ways to get phone numbers/emails than resorting to hacking Facebook. As I said above, ID theft is a lot more than just knowing someone's name, the area they live in and what they did in Ibiza last year.

 

[dfarrall]

How is this news, all the big companies have bug bounties.

When OCUK make's one ill start cashing in

 

[One]

lol 13k..

even ocuk were willing to pay 10k during the DDOS attacks.

The damage that guy could have done could have been huge or anyone with malicious intentions that discovered it

There's a significant difference though. DDOsing OcUK directly impedes business. What exactly is the harm if someone gets onto someone elses facebook? They might get fraped? People give far too much credit to facebook and make it seem like some sort of thing nobody could ever live without ever again.

 

[Tefal]

There's a significant difference though. DDOsing OcUK directly impedes business. What exactly is the harm if someone gets onto someone elses facebook? They might get fraped? People give far too much credit to facebook and make it seem like some sort of thing nobody could ever live without ever again.

people stop trusting face boo kand move to competitors.

facebook loses it;s revenue stream as marketing revenue falls.

 

[dowie]

http://www.google.co.uk/about/appsecurity/reward-program/

Same as Google then.

To be honest, who would pay 20k for this on the black market any way?

The real money is probably in zero day exploits for operating systems.

you'd potentially make it back fairly quickly with just a handful of 'celeb' accounts... though perhaps not as much as someone would have prior to the phone hacking scandal

 

[dowie]

There's a significant difference though. DDOsing OcUK directly impedes business. What exactly is the harm if someone gets onto someone elses facebook? They might get fraped? People give far too much credit to facebook and make it seem like some sort of thing nobody could ever live without ever again.

facebook is a tad bigger than ocuk and has a a fair bit more to lose

also personal information getting out is a bit more serious to the consumer than website unavailable, can't buy electronics

 

[dfarrall]

The hit rate for successful ID theft through FB must be pretty poor, when compared to the idea of just getting $20k legitimately.

You could easily script program's to scrape information for thousands before being detected, which would easily outweigh the 13k if sold underground.
The major downside is it's illegal so people would rather opt for 13k legally.