{"id":4695,"date":"2024-07-02T07:15:47","date_gmt":"2024-07-02T07:15:47","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=4695"},"modified":"2024-07-02T07:48:43","modified_gmt":"2024-07-02T07:48:43","slug":"bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/","title":{"rendered":"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool"},"content":{"rendered":"<h2>Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook&#8217;s Contact Removal Tool<\/h2>\n<h3>The Discovery of a Significant Security Flaw<\/h3>\n<p><strong>Facebook IDOR vulnerability &#8211;<\/strong> A skilled <a href=\"https:\/\/secry.me\/explore\/category\/bug-bounty\/\">bug hunter<\/a> named Amine Aboud recently uncovered a significant security flaw in Facebook&#8217;s systems.
This vulnerability, known as an Insecure Direct Object Reference (IDOR), affected the Facebook <a href=\"https:\/\/www.google.com\/search?q=Contacts+Removal+Too\">Contacts Removal Tool<\/a>. If left unchecked, it could have allowed malicious actors to delete any user&#8217;s contact information from the address books of Facebook, Messenger, and Instagram without proper authorization.<\/p>\n<h3>Understanding the Vulnerability<\/h3>\n<p>Upon investigation, the bug hunter discovered that the Contacts Removal Tool, accessible at facebook.com\/contacts\/removal, had a critical weakness in its authorization checks. While the tool was designed to let users remove their own contact details after verifying ownership through a one-time password (OTP), Aboud nonetheless found a way to bypass this security measure.<\/p>\n<p>By manipulating the contactpoint ID parameter in the GraphQL deletion request, he demonstrated that an attacker could potentially remove email addresses or phone numbers belonging to other users. Moreover, this action would add the removed contacts to a block list, thus preventing their re-importation into the system.<\/p>\n<h3>Reproducing the Facebook IDOR Vulnerability: Technical Details<\/h3>\n<p>Aboud meticulously documented the reproduction steps for this vulnerability. First, he visited the tool&#8217;s URL and selected the option to remove an email address or phone number. Next, after completing a CAPTCHA and receiving an OTP to confirm his own contact details, he used a tool called Burp to intercept the deletion request. At this critical juncture, he altered the contactpoint parameter to target an email or phone number he did not own and sent the modified request.<\/p>\n<p>Surprisingly, the system confirmed that the contact he did not own had been deleted from Facebook&#8217;s databases and blocked.
Furthermore, Aboud discovered that he could trigger this issue through a direct GraphQL POST request, completely bypassing the OTP validation process.<\/p>\n<h3>Additional Findings and Potential Impact<\/h3>\n<p>In addition to the main vulnerability, the bug hunter provided specific examples of the GraphQL requests for both email and phone number removal, thus demonstrating the ease with which an attacker could exploit this vulnerability. Importantly, he noted that the Contacts Removal Tool did not require users to log in, and what&#8217;s more, the vulnerable GraphQL request lacked rate limiting protections. Consequently, these oversights could have allowed for mass deletion and blocking of random emails and phone numbers from the database.<\/p>\n<h3>Facebook&#8217;s Response to the IDOR Vulnerability Report<\/h3>\n<p>Acting responsibly, Aboud reported his findings to Facebook on March 1, 2024. Subsequently, the company acknowledged the issue on March 12 and swiftly implemented a fix by March 17. In recognition of the significance of this discovery, Facebook awarded Aboud a bounty on April 15, 2024.<\/p>\n<h3>Ethical Hacking and Bug Bounties: Safeguarding Against IDOR Vulnerabilities<\/h3>\n<p>Undoubtedly, this case highlights the crucial role that ethical hackers and <a href=\"https:\/\/secry.me\/explore\/bug-hunter-uncovers-critical-idor-vulnerability-in-facebooks-contact-removal-tool\/\">bug bounty<\/a> programs play in identifying and addressing potential security risks before they can be exploited by malicious actors. Additionally, it serves as a reminder of the ongoing challenges that major tech companies face in securing their complex systems and protecting user data.<\/p>\n<h3>Lessons from this Facebook IDOR Vulnerability: Future Implications<\/h3>\n<p>In conclusion, the discovery of this IDOR vulnerability underscores the importance of rigorous security testing and the need for companies to continuously evaluate and improve their authorization processes. 
As a result, maintaining robust security measures becomes increasingly critical to safeguard user information and maintain trust in online services, especially as digital platforms continue to evolve and interconnect.<\/p>\n<div class=\"x1e56ztr\"><strong><span class=\"x193iq5w xeuugli x1fj9vlw x13faqbe x1vvkbs xt0psk2 xt4736n x1havqas x1f0sm9e x12qp5cl xzsf02u x1yc453h\">\u2013Meta bug bounty program<\/span><\/strong><\/div>\n<p><strong>Link to read full write up:<\/strong> https:\/\/amineaboud.medium.com\/idor-vulnerability-allowing-any-contact-point-to-be-removed-from-facebook-messenger-instagram-f878b0ab7e71<\/p>\n<p><strong>Save the PDF<\/strong>\u00a0<a href=\"https:\/\/secry.me\/explore\/pdf-story\/IDOR\/IDOR%20Vulnerability%20Allowed%20Removal%20of%20Any%20Contact%20Point%20from%20the%20Address%20Book%20Database%20of%20Facebook,%20Messenger,%20and%20Instagram.%20_%20by%20Amine%20Aboud%20_%20Medium.pdf\"><em>here<\/em><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook&#8217;s Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR vulnerability &#8211; A skilled bug hunter named Amine Aboud recently uncovered a significant security flaw in Facebook&#8217;s systems. This vulnerability, known as an Insecure Direct Object Reference (IDOR), affected the Facebook Contacts Removal Tool.
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[136,116,461],"tags":[13,117,451,475,144,449,447],"class_list":{"0":"post-4695","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bug-bounty","8":"category-idor","9":"category-meta-bug-bounty","10":"tag-bug-bounty","11":"tag-facebook","12":"tag-facebook-bug-bounty","13":"tag-graphql","14":"tag-idor","15":"tag-meta","16":"tag-meta-bug-bounty"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool | SECRY<\/title>\n<meta name=\"description\" content=\"Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook&#039;s Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool | SECRY\" \/>\n<meta property=\"og:description\" content=\"Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook&#039;s Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta 
property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-02T07:15:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-02T07:48:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/07\/Facebook-IDOR-Vulnerability.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/bf08de9f590b8968a1d054728257190f\"},\"headline\":\"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal 
Tool\",\"datePublished\":\"2024-07-02T07:15:47+00:00\",\"dateModified\":\"2024-07-02T07:48:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/\"},\"wordCount\":607,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Facebook-IDOR-Vulnerability.png\",\"keywords\":[\"Bug Bounty\",\"Facebook\",\"Facebook Bug Bounty\",\"Graphql\",\"idor\",\"META\",\"Meta Bug Bounty\"],\"articleSection\":[\"Bug Bounty\",\"IDOR\",\"Meta Bug Bounty\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/\",\"name\":\"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool | 
SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Facebook-IDOR-Vulnerability.png\",\"datePublished\":\"2024-07-02T07:15:47+00:00\",\"dateModified\":\"2024-07-02T07:48:43+00:00\",\"description\":\"Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook's Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Facebook-IDOR-Vulnerability.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/Facebook-IDOR-Vulnerability.png\",\"width\":1280,\"height\":720,\"caption\":\"Facebook IDOR Vulnerability: Contacts Removal 
Tool\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/bf08de9f590b8968a1d054728257190f\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool | SECRY","description":"Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook's Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/","og_locale":"en_US","og_type":"article","og_title":"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool | SECRY","og_description":"Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook's Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR","og_url":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2024-07-02T07:15:47+00:00","article_modified_time":"2024-07-02T07:48:43+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/07\/Facebook-IDOR-Vulnerability.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f"},"headline":"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool","datePublished":"2024-07-02T07:15:47+00:00","dateModified":"2024-07-02T07:48:43+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/"},"wordCount":607,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/07\/Facebook-IDOR-Vulnerability.png","keywords":["Bug Bounty","Facebook","Facebook Bug Bounty","Graphql","idor","META","Meta Bug Bounty"],"articleSection":["Bug Bounty","IDOR","Meta Bug Bounty"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/","url":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/","name":"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal Tool | 
SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/07\/Facebook-IDOR-Vulnerability.png","datePublished":"2024-07-02T07:15:47+00:00","dateModified":"2024-07-02T07:48:43+00:00","description":"Bug Hunter Uncovers Critical IDOR Vulnerability in Facebook's Contact Removal Tool The Discovery of a Significant Security Flaw Facebook IDOR","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/07\/Facebook-IDOR-Vulnerability.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2024\/07\/Facebook-IDOR-Vulnerability.png","width":1280,"height":720,"caption":"Facebook IDOR Vulnerability: Contacts Removal Tool"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/bug-hunter-exposes-critical-facebook-idor-vulnerability-in-contact-removal-tool\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Bug Hunter Exposes Critical Facebook IDOR Vulnerability in Contact Removal 
Tool"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more 
than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=4695"}],"version-history":[{"count":5,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4695\/revisions"}],"predecessor-version":[{"id":4701,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/4695\/revisions\/4701"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/4700"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=4695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=4695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=4695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}