Deja-vu… or how I discovered my acknowledged flaw second hand

To whom it may concern,

In recent days I was amazed to see the news spread that a certain Mr. Reza Moaiandin had been able to discover Facebook users through their phone numbers. He states that he has discovered this flaw.

 

https://nakedsecurity.sophos.com/2015/08/11/change-this-facebook-setting-so-you-cant-be-searched-for-by-phone-number/

 

http://www.theregister.co.uk/2015/08/12/facebook_privacy_flap_data_phone_number/

 

However, I had discovered 2 security flaws in early April 2015; both of them were submitted on May 2nd, 2015, and I have been awarded the humble sum of 2500 USD for the flaw in question. Report Number: 246267112

Through this flaw I was able to query and acquire the data of 1,200,000 Facebook users, which was necessary to provide proof, and I then deleted the data on ethical grounds. Please find my correspondence below.

Yours sincerely,

Ibrahim BALIC
Principal Security Researcher
Balich Information Security

 

[Images: facebook_bug3, facebook_bug, facebook_bug2]
