I reported that due to account deactivation, a user can lose certain activity on an account.
I got a reply from Facebook security member Annalise that said:
"Locking accounts is intended in some scenarios to protect users from attack. Thank you for sharing this information with us. Although this issue does not qualify as a part of our bounty program we appreciate your report. We will follow up with you on any security bugs or with any further questions we may have."
The same year, another researcher reported that if a group has one admin and the admin account is deactivated, any member can become an admin of this group. Facebook rejected that bug and said:
"On the deactivation page, we warn users that due to account deactivation they will lose the groups"
So, in 2016 I merged these 2 rejected reports and sent Facebook a report that, due to account deactivation by an attacker, a victim will lose all the groups.
Here is the POC video.
https://www.youtube.com/watch?v=YQHX2aSgdSE&feature=youtu.be
They accepted and I got a bounty from Facebook.
I am not able to block this Facebook page....
https://m.facebook.com/pages/category/Community/Only-sex-1749425311992674/?mds=%2Ftrust%2Fafro%2Fdialog%3Fcontext%3D%257B%2522session_id%2522%253A%2522ddd96deb-a623-81c6-7189-f5fd40690c26%2522%252C%2522type%2522%253A4%252C%2522story_location%2522%253A%2522chevron%2522%252C%2522entry_point%2522%253A%2522nfx%2522%252C%2522frx_report_action%2522%253A%2522REDIRECT_TO_NFX%2522%252C%2522breadcrumbs%2522%253A%255B%2522offensive%2522%255D%252C%2522support_type%2522%253A1%252C%2522additional_data%2522%253A%257B%257D%252C%2522hideable_token%2522%253A%2522MzS3MDMwNTawNDQzMzYysqxzzSsJyMgvyffLT0l1SixOTXFNSU8NLskvqqyrMzQ3sTQxMjU2NLS0NDIzN6mrM6gDAA%2522%257D%26answer%3Dpornography%26eav%3DAfa2hzYxdK2n4e7U6KbPdSea34AXoh1vQjH-aqxRtkUZP8s0rkVmM9UHV7K1KGB05Bs%26av%3D100023158904766%26gfid%3DAQDZ3iaMYz0mnPhq
Please unblock me on Facebook.