Back in the day, photo albums were pretty much what we used to store our pictures. Today, most of us who have Internet access use social media like Instagram, Twitter, Facebook and many more to store our photos. So what happens if you learn that it is easy for someone to delete all of your precious Facebook photos? How would you react if you found out that all of your Facebook photos were no longer there? Facepalm moment? Head scratching, maybe? Worse… angry and disgusted to the point where you want to cry! It’s not impossible, and someone has already proved that all of your Facebook photos can be deleted using the Facebook Graph API. He is Laxman Muthiyah from India.
Laxman, as transparent as he can be, showed the world how easy it was to delete all of someone’s Facebook photos. With the use of a web platform bug testing tool and the Facebook Graph API, he managed to discover this disastrous exploit in Facebook. Fortunately, after some more testing of the Facebook hack, he alerted the Facebook Security team and reported it. Good lad! Facebook was able to identify the issue immediately and took action to rectify the problem by updating the code. As a reward for his effort, Laxman received $12,500 USD. But I don’t think this is the first time he has found a Facebook exploit, since he was already recognized last year (2014). Laxman is actually on Facebook’s Hall of Fame page.
In layman’s terms, what Laxman did was use the tool I mentioned above to pass a request through Facebook’s Graph API, and that request carried a command to delete. What happens next… you don’t want to know, because you’ll just find out that your Facebook photos or albums are already gone.
The request and server response will look something like the following lines:
DELETE /518171421550249 HTTP/1.1
Host: graph.facebook.com
To see in detail how Laxman did it, he posted a video on YouTube, aside from his blog post on how he deleted Facebook photos and albums.
As Greg Kumparak mentioned in his post on TechCrunch about this same topic:
“Let it be a gentle reminder: Facebook isn’t a backup drive. While your photos hopefully won’t vanish without warning, Facebook’s code isn’t infallible. Back up the stuff you love.”
Indeed! And do not expect too much from Facebook, since we’re not paying them to store those Facebook photos for us. Learn to do your own backup.