Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Hortinstein
on Feb 12, 2015
|
parent
|
context
|
favorite
| on:
Deleting any Facebook album
sorry if this is trivial, but how easy is it to get the Mobile API access token? I thought api access tokens should be safeguarded like credentials
geetee
on Feb 12, 2015
[–]
You didn't need the target's access token. Your own worked just fine.
murki
on Feb 12, 2015
|
parent
|
next
[–]
Exactly, that in itself is the whole point of this being a security bug.
sleepyhead
on Feb 13, 2015
|
parent
|
prev
[–]
Woah, didn't catch that when I first skimmed through the article. $12,500 wasn't enough then.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: