Authentication Bypass Leads to Unauthorized Data Access for Linked Facebook, Instagram, and Meta Accounts ($5000 Bounty)
Vulnerability Report Hello, Today, I'm sharing a vulnerability I discovered in Meta's bug bounty program. This vulnerability allows attackers to gain unauthorized access to victims' account data, affecting Meta's primary technologies (Facebook, Instagram, and Meta accounts). To understand this bug, it's essential to grasp what is the Account Center. The Account Center, provided by Meta, offers users a unified interface to manage and integrate their experiences across Facebook, Instagram, and other Meta services. It centralizes settings, permissions, and account data management, streamlining the handling of multiple linked accounts under the Meta umbrella. For more information about the Account Center, you can visit here . Sensitive Data Transfer Feature One of the features of Account Center is the ability to download or transfer the data of your accounts, including those of other linked accounts. This data is extremely sensitive a...