If you find a photo offensive or unsuitable, you can report it to Facebook through the Facebook Support Dashboard. Until this report, though, no one had realized that the tool had a vulnerability that would let anyone delete a picture from anyone’s profile.
Thanks go to the amazing ethical hacker Arul Kumar, from Tamil Nadu, India, for identifying this hack and reporting it to Facebook with a neat video. On his blog, he has revealed how he identified the hack and how he reported the bug to Facebook.
And as with any other huge bug, the Facebook team rewarded the hacker with a huge $12,500 bounty. The bug was considered critical, and the Facebook team verified that the exploit can easily be carried out through mobile devices.
The hack takes advantage of the unique ID that each photo has. The ‘fbid’ value is the ID of a picture, and it can be found in the URL of an image. Once the hacker gets the ID of the image, they use two Facebook accounts to access the remove-photo link URL: one Facebook account acts as the sender and the other acts as the receiver.
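An added example, not from the original article or from Facebook's code: a minimal model of a removal-link flow that stays safe when the photo ID and the receiver both arrive in a request. The ownership table, function names, key and token format are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: photo ID (the page's 'fbid') -> owning account.
PHOTO_OWNER = {"1001": "alice", "1002": "bob"}
SERVER_KEY = b"constructed-demo-key"  # placeholder secret for this example


def _sign(fbid: str, account: str) -> str:
    """Token bound to one photo and the one account allowed to remove it."""
    msg = f"{fbid}|{account}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_removal_link(fbid: str, sender: str, claimed_receiver: str) -> dict:
    """Create a removal link for a reported photo.

    The recipient comes from server-side ownership data. The receiver
    named in the request is checked against it, never trusted as given.
    """
    owner = PHOTO_OWNER.get(fbid)
    if owner is None:
        raise LookupError("unknown photo")
    if claimed_receiver != owner:
        raise PermissionError("receiver does not own this photo")
    return {"to": owner, "reported_by": sender, "token": _sign(fbid, owner)}


def remove_photo(fbid: str, session_account: str, token: str) -> bool:
    """Delete only when the logged-in account owns the photo and the
    token was issued for exactly this photo and owner."""
    owner = PHOTO_OWNER.get(fbid)
    if owner is None or session_account != owner:
        return False
    if not hmac.compare_digest(token, _sign(fbid, owner)):
        return False
    del PHOTO_OWNER[fbid]
    return True
```

Ownership is checked twice on purpose: once when the link is issued and again when it is used, so a link that leaks or is replayed from another session still cannot remove the photo.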
Arul has also clearly explained how the hack works in a neat video, which Facebook appreciated.