Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User

As a security researcher, the most impressive part of this is the response timeline from Facebook's security team. 3~ hours from first report to temporary patch! That's insane.

I'm not a huge fan of Facebook but that is one impressive bug bounty and turn around time. Nice job to both parties.

Pretty slick way to earn 20 grand...nice work

Reminds me of the whole SnapChat thing. People just aren't securing the internal APIs their mobile apps use.