Security Report: Facebook Vulnerability Allows Remote Attacker Deception and Phishing Attacks
I hereby confirm that a responsible disclosure was conducted regarding the following security vulnerability:
🚨 Disclosure Status:
This vulnerability was discovered, thoroughly documented, and responsibly reported by Aiman Al-Hadhrami.
Meta Bug Bounty [report number: 25030857679851051]
📆 Date Reported:
[July 03, 2025]
🏢 Reported To:
Meta Bug Bounty program
📨 Reporting Method:
Submitted via the official vulnerability disclosure portal: https://www.facebook.com/whitehat/report
📎 Report Content Included:
- A clear and detailed description of the vulnerability.
- Explanation of the potential security impact on users and the platform.
- A technical example demonstrating the issue.
- A video proof of concept (PoC).
🛑 Company Response and Ethical Concerns:
I received a confirmation email from Meta’s Bug Bounty Program stating that my report (ID: 25030857679851051) was successfully submitted to the security team. However, just five minutes later, I was notified that the report was closed — without any explanation and with clearly no time for a proper review.
This is highly unprofessional and gives the impression that certain reports are closed automatically or without genuine consideration. If there is a policy that explains this process, it should be communicated transparently to researchers.
Mutual respect and transparency are the foundation of any successful bounty program, and I hope this issue is treated accordingly.