This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-23097404

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Facebook gives UK man $20k for discovering security flaw Facebook gives UK man $20k for discovering security flaw
(about 4 hours later)
Facebook has rewarded a British man with $20,000 (£13,000) after he found a bug which could have been exploited to hack into users' accounts.Facebook has rewarded a British man with $20,000 (£13,000) after he found a bug which could have been exploited to hack into users' accounts.
Jack Whitton, a security researcher, discovered a flaw in the social network's text messaging system.Jack Whitton, a security researcher, discovered a flaw in the social network's text messaging system.
Facebook thanked Mr Whitton, who is part of the site's "responsible disclosure" hall of fame. Facebook thanked Mr Whitton, 22, who is part of the site's "responsible disclosure" hall of fame.
The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.
To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.
Such programmes are known as "bug bounties", with similar schemes being run at the likes of Microsoft, Paypal and Google.Such programmes are known as "bug bounties", with similar schemes being run at the likes of Microsoft, Paypal and Google.
"Facebook's White Hat programme is designed to catch and eradicate bugs before they cause problems," Facebook told the BBC."Facebook's White Hat programme is designed to catch and eradicate bugs before they cause problems," Facebook told the BBC.
"Once again, the system worked and we thank Jack for his contribution.""Once again, the system worked and we thank Jack for his contribution."
The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook's text message verification system into sending a password reset code for an account that was not his.The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook's text message verification system into sending a password reset code for an account that was not his.
Using this, he could go to Facebook, reset a target user's password, and access the account.Using this, he could go to Facebook, reset a target user's password, and access the account.
'PR disaster''PR disaster'
Mr Whitton is what is known in security communities as a "white hat" hacker - someone who can discover security holes and faults in software, but chooses not to use them for criminal gain.Mr Whitton is what is known in security communities as a "white hat" hacker - someone who can discover security holes and faults in software, but chooses not to use them for criminal gain.
On the other side of people like Mr Whitton are black hat hackers - the bad guys - who will sell their skills and services to cybercriminal gangs and organisations.On the other side of people like Mr Whitton are black hat hackers - the bad guys - who will sell their skills and services to cybercriminal gangs and organisations.
The Facebook bug would have been of great interest to cybercriminals, noted Graham Cluley, a security expert.The Facebook bug would have been of great interest to cybercriminals, noted Graham Cluley, a security expert.
"It could have been worth an awful lot more money," he told the BBC."It could have been worth an awful lot more money," he told the BBC.
"Imagine if he were a black hat hacker, one of the bad guys, if he were to offer his services to criminals saying any account they wanted breaking in to, he could do it.""Imagine if he were a black hat hacker, one of the bad guys, if he were to offer his services to criminals saying any account they wanted breaking in to, he could do it."
He said Facebook should be "extremely grateful" that Mr Whitton opted to report it to them.He said Facebook should be "extremely grateful" that Mr Whitton opted to report it to them.
"It could have been a PR disaster," he told the BBC."It could have been a PR disaster," he told the BBC.
"This security flaw is terrible. It should never have existed. It's a gaping hole, thank goodness it's closed now. We are really relying on the goodwill of researchers.""This security flaw is terrible. It should never have existed. It's a gaping hole, thank goodness it's closed now. We are really relying on the goodwill of researchers."
Follow Dave Lee on Twitter @DaveLeeBBCFollow Dave Lee on Twitter @DaveLeeBBC