This guy could have deleted EVERY single photograph off Facebook - but didn't.

Discussion in 'BlackHat Lounge' started by Trepanated, Feb 13, 2015.

  1. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,384
    This guy figured out a way to delete any photo album from Facebook - using just four lines of code.

    And he could have easily written a routine to then rampage through Facebook and delete every single photograph on the site.

    Just think about that for a second.

    Imagine the damage he could have caused to Facebook if he had deleted every single photograph. There would have been pandemonium.

    Luckily for Facebook (and everyone else), his intentions were good. He reported the issue to Facebook and they fixed the problem in a couple of hours.

    And their reward to him, for saving them from untold damage to their reputation - $12,500!

    Here's a link to the article:

    http://www.gizmodo.co.uk/2015/02/some-guy-figured-out-how-to-delete-every-photo-on-facebook/
     
    • Thanks x 22
  2. genius1969

    genius1969 Junior Member

    Joined:
    Jan 26, 2009
    Messages:
    104
    Likes Received:
    24
    He wouldn't be able to delete all of the albums on fb, as it requires so much time; even if the process is automated, the fb team would fix it right at the beginning.

    Also, I don't see a way to earn money from this, not more than $12,500, as for any method, Facebook would fix the problem soon.

    So he made the right choice ;)
     
  3. ferma231

    ferma231 Elite Member

    Joined:
    Jul 14, 2011
    Messages:
    1,698
    Likes Received:
    3,514
    Location:
    Internet
    But he could delete all photos within a few hours. Imagine when all of Mark's photos get deleted: it would take a few hours to even realize that, and then a few hours to fix it.
    Still lucky for FB, he didn't have bad intentions, and $12k is nothing compared to the damage that could be done if this were in the wrong hands.
     
    • Thanks x 1
  4. Aty

    Aty Jr. VIP Jr. VIP

    Joined:
    Jan 27, 2011
    Messages:
    5,994
    Likes Received:
    4,089
    Occupation:
    SEO (Senior Erection Officer)
    Location:
    your 6 o'clock
    They could have paid him a bit more, or even hired him.
     
    • Thanks x 5
  5. ChanzGrande

    ChanzGrande Elite Member

    Joined:
    Feb 16, 2008
    Messages:
    2,487
    Likes Received:
    1,179
    Occupation:
    Accountant
    Location:
    Northern Woods Counting Money
    I think their redundancy would likely make it so they would simply be able to put the pictures back anyway, but yes, this would have definitely been a gigantic PR problem for Facebook. Glad he did the right thing.
     
    • Thanks x 1
  6. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,384
    Oh for sure - they'd definitely have been able to restore them.

    But like you say, the damage would have been reputational - there would have been a media storm.

    I'm sure the guy will do well out of it too. His reward from Facebook was a pittance, but I've got no doubt he'll get a few interesting job offers out of it.
     
  7. genius1969

    genius1969 Junior Member

    Joined:
    Jan 26, 2009
    Messages:
    104
    Likes Received:
    24
    Delete all photos within a few hours? It would take many days or even months only to scrape all of the albums :) and such gigantic data won't be deleted in a few hours. How many requests per second do you think are needed to take everything down? Also fb would discover such activity in minutes. About Mark's profile, I'm sure he has backups, or even if he doesn't, that wouldn't harm him a lot ;)

    I agree with davers, it would be more of a PR problem, a huge problem, and yes, they could pay him more.
     
  8. BassTrackerBoats

    BassTrackerBoats Super Moderator Staff Member Moderator Jr. VIP

    Joined:
    Mar 10, 2010
    Messages:
    17,339
    Likes Received:
    31,825
    Occupation:
    Selling CPA Sites
    Location:
    Not England
    He sounds like a decent guy as he could have done some stupid stuff with this; I'm surprised at the low $ amount of 12K from FB.

    He saved FB from some seriously bad reputation issues... I saw the headline on a few different news sites so I would not be surprised if someone, or several someones, does not try to grab this guy based on his skill set and his ethics.
     
    • Thanks x 3
  9. pxoxrxn

    pxoxrxn Supreme Member

    Joined:
    Dec 21, 2011
    Messages:
    1,398
    Likes Received:
    2,073
  10. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,384
    He wouldn't have needed to scrape anything. He did it with API calls.

    Plus, he said the ID numbers for the albums were sequential, so that would have made things a whole lot easier.

    I agree though that it would have been picked up long before every photo was deleted.
     
  11. iggypop

    iggypop Junior Member

    Joined:
    Feb 25, 2009
    Messages:
    171
    Likes Received:
    52
    Your linkbait and article writing skills are fantastic! I clicked on it anyway, cause it did look appealing, and I smell linkbait from a mile away normally.

    Not being sarcastic.

    Also wanted to point out that no one else mentioned that, and we're on an IM forum.

    As far as this audience is concerned, that should be what your post is REALLY about.

    Cheers
     
    • Thanks x 2
  12. Ben1123

    Ben1123 Junior Member

    Joined:
    Jan 2, 2010
    Messages:
    111
    Likes Received:
    24
    Well he also probably wanted to avoid the legal issues that would have surely ensued. :) They would have gone down on him hard.
     
  13. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,384
    Haha - don't worry, I'll take it as a compliment.

    I honestly wasn't linkbaiting. I just wanted to write an interesting title. Maybe they are one and the same thing though.

    If I was deliberately linkbaiting, this is the sort of title I would have written:

    With these 4 simple lines of code you can delete anyone's photo albums from Facebook!

    How many people wouldn't have wanted to find that out? :)
     
  14. srb888

    srb888 Elite Member

    Joined:
    Jul 30, 2008
    Messages:
    3,267
    Likes Received:
    5,083
    Gender:
    Male
    Occupation:
    WebzSurfer
    Location:
    Sun, Mon, Tue, WTF, Sat!!! :)
    I think he must have found a bigger loophole also, which he will not disclose so soon. ;)
     
  15. genius1969

    genius1969 Junior Member

    Joined:
    Jan 26, 2009
    Messages:
    104
    Likes Received:
    24
    My bad :) didn't look into the article details

    He should ask: dear fb, how much will you pay me, if I report a bug, which could delete all of the photo albums on fb. I think in this position, they would offer more money :)
     
  16. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,232
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Hopefully he finds something in another 4 lines of code that takes FB off air completely. I am probably just a miserable old git though who misses the face to face stuff of days gone by!
     
    • Thanks x 2
  17. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,384
    It does have its benefits though.

    Remember back in the old days when you went out for dinner:

    You had to stop off on the way to the restaurant to buy a roll of film
    And on the way home you had to go to a 1 hour photo shop to get the photographs developed and printed.
    While you were waiting for that you had to go to the post office and buy a few dozen postage stamps
    And also find somewhere to buy a packet of envelopes
    Then, when you got home, you had to write the addresses of all your friends on all those envelopes
    And put stamps on them
    And stick the photographs of your dinner inside the envelopes
    And then you had to run to the post box so you could catch the last post.

    Facebook lets people bore the living shit out of their friends for free, instantly and without even leaving the table.

    So it's not all bad.
     
    • Thanks x 4
  18. DanTe_0101

    DanTe_0101 BANNED BANNED

    Joined:
    Mar 2, 2012
    Messages:
    988
    Likes Received:
    806
    lol only 12.5k?
    That's pretty low
     
  19. netmoney1

    netmoney1 Executive VIP Jr. VIP

    Joined:
    Feb 21, 2012
    Messages:
    3,617
    Likes Received:
    11,013
    $12,500 for something that would have ruined them? What a bunch of cheap pricks.

    Think of the media damage that would have happened if everyone's FB pictures went away.

    Sadly, it would have been covered more than any political or world news event.

    It would have been the #1 story on EVERY SINGLE media outlet. Their stock would have hit the shitter.

    TWELVE GRAND?!?!?!?!?!

    Fuck you Facebook.

    That is such a slap in the face. $0 would have been easier to swallow than $12,500.
     
    • Thanks x 9
  20. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,774
    Likes Received:
    11,429
    Occupation:
    COINZ
    Location:
    BUYAH
    I would have dealt a better hand before giving them the clue. At least U$ 50 K

    But this wasn't a very sophisticated hack anyway, I doubt the guy that found it would've gone very far exploiting it.