A U.K.-based researcher has netted $20,000 for spotting a very serious flaw in Facebook. Jack Whitten found it was possible to reset the password of anyone’s account by exploiting an error in how Facebook lets users link their mobile phone to their account for purposes such as receiving updates over SMS. The flaw was fixed by Facebook about a month ago, wrote Whitten, an application security engineer who posted a post-mortem on his blog. He has been recognized for finding vulnerabilities by Google, Facebook and Etsy.”]
Source: https://www.csoonline.com/article/2133590/researcher-nets–20k-for-finding-serious-facebook-flaw.html