
I figured out a way to hack any of Facebook’s 2B accounts - gregorymichael
https://medium.freecodecamp.org/responsible-disclosure-how-i-could-have-hacked-all-facebook-accounts-f47c0252ae4d
======
master_ant
Holy crap. $15k for brute-forcing an unthrottled endpoint with GET requests?
gratz on that payout

~~~
IshKebab
I assume payouts are linked to the severity of the attack rather than
elegance.

Also in this case the throttling is an absolute requirement rather than a
"nice to have, users set good passwords right?" thing.

------
jackhack
Not the smartest thing, to go posting a photo of one's credit card,
considering there are only 999 combinations of the security # on the back.
Hopefully Visa is smarter than Facebook in this regard.

------
dmitrygr
What would this vulnerability be worth in the open market? 10 times that?
100x?

~~~
johnsonjo
I’m sure it would be way less legal that route.

