Jan 27, 2014, 15:04 pm
Job offers flood in for Brazilian who found Facebook bug
Reginaldo Silva says the bug could have jeopardised personal data
A Brazilian who discovered a bug which could have allowed hackers access to users' personal data on Facebook says he has been inundated with job offers.
Reginaldo Silva, a computer engineer, contacted Facebook after discovering the vulnerability last year.
The company awarded him $33,500 (£20,000), its biggest such bounty.
Mr Silva, 27, works as a private consultant in Sao Jose dos Campos, around 160km (100 miles) from Brazil's largest city, Sao Paulo.
He discovered a bug - known as a Remote Code Execution (RCE) bug - which he says would have allowed hackers to take control of a server and "read" random files. Eventually they could have stolen users' personal data, he says.
IT analysts say the threat would have cost Facebook "millions of dollars" if it had fallen into the wrong hands.
The record reward came to light after Mr Silva posted a note on his personal blog explaining in detail how he found the security breach.
"I stumbled across the bug in late November because I work for a local company specialising in finding security breaches on the web," Mr Silva told BBC Brasil.
"I had already come across the very same bug in another type of software, and I thought it would work on Facebook as well - and it did."
Problem solved
"But after contacting Facebook IT team, we have agreed I would only publish any information regarding this case now, because they wanted to make sure everything has been solved and no attack could take place," he said.
He believes the bug could have disrupted Facebook's entire system.
Mr Silva says that the initial report was sent to Facebook HQ on November 19th. Three hours later, he says, Facebook's IT team replied to him and work on fixing the problem began.
Mr Silva says he has had several approaches from potential employers since he revealed the bug.
"My mailbox is now full of requests, from questions asking how I discovered the breach to countless job offers."
Facebook said the size of the reward was in proportion to the "severity of the issue."