Bloke pockets $15k for spotting Facebook password-reset blunder

Facebook has slung US$15,000 in the direction of Anand Prakesh for discovering a serious bug on its beta servers. Late in February, Prakesh writes, he discovered that the company's beta sites didn't rate limit the PINs used for password resets. If you request a password reset via a PIN sent to your phone, after 10 or 12 …
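The missing control described in the teaser above, as an added Python example that is not from the article or from Facebook's own code: an in-memory reset-PIN store where `max_attempts=None` models the unlimited-guess flaw and a bounded value burns the PIN after a few failures, plus a local simulation showing why the bound matters. The account names, the five-attempt limit and the ten-minute lifetime are assumed values.

```python
import hmac
import secrets
import time


class ResetPinStore:
    """One outstanding password-reset PIN per account, with attempt limiting.

    max_attempts=None reproduces the reported flaw: unlimited guesses against
    the same PIN. A bounded value invalidates the PIN after that many failures.
    """

    def __init__(self, max_attempts=5, ttl_seconds=600, clock=time.time):
        self.max_attempts = max_attempts  # assumed policy value
        self.ttl_seconds = ttl_seconds    # assumed PIN lifetime
        self.clock = clock                # injectable for deterministic tests
        self._pins = {}  # account -> [pin, issued_at, failed_attempts]

    def issue(self, account, pin=None):
        # The pin override exists only to make the simulation deterministic.
        if pin is None:
            pin = f"{secrets.randbelow(10**6):06d}"
        self._pins[account] = [pin, self.clock(), 0]
        return pin

    def verify(self, account, candidate):
        entry = self._pins.get(account)
        if entry is None:
            return False
        pin, issued_at, _ = entry
        if self.clock() - issued_at > self.ttl_seconds:
            del self._pins[account]  # expired
            return False
        if hmac.compare_digest(pin, candidate):
            del self._pins[account]  # single use
            return True
        entry[2] += 1
        if self.max_attempts is not None and entry[2] >= self.max_attempts:
            del self._pins[account]  # burn the PIN; user must request a new one
        return False


def simulate_guessing(store, account, pin_length=6):
    """Local model of exhaustive guessing; returns (succeeded, attempts_used)."""
    for attempt, guess in enumerate(range(10 ** pin_length), start=1):
        if store.verify(account, f"{guess:0{pin_length}d}"):
            return True, attempt
    return False, 10 ** pin_length
```

Against the unlimited store the simulation always lands on the PIN; against the bounded store it fails after `max_attempts` and the correct PIN no longer works either.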

  1. Martin Summers

    Not detracting from what he did or anything, I'm just gobsmacked they paid out that much for something affecting the beta servers only, when you'd expect things to be broken, and indeed they aren't like that in production. Got to give credit to Facebook for not trying that one on.

    1. Emma 4

      Though if anyone can access the beta server, then anyone could change someone else's password ...

      1. Black Betty

        Or not. Brute force password on the beta server.

        Use the discovered login credentials on the primary as you please.

