Brazilian computer engineer Reginaldo Silva discovered a bug that would eventually lead him to rewards from Google and Facebook. The bug, an XML External Entity Expansion (XXE) flaw, was easily targeted on domains that offer OpenID authentication. Facebook’s server offered read access to almost everything, including the /etc/passwd file. The social networking giant offered Silva $33,500 USD in compensation. To date, the sum represents the social network’s largest bug bounty payout. At present, Silva says that many implementations of OpenID are still vulnerable to the bug.

