Security researcher Laxman Muthiyah has posted his hack of Facebook showing how he was able to accomplish both the deletion of his own photo album and then that of a "victim". Though Facebook claims this isn't possible, it is quite the opposite case and proof is posted for everyone to see. Essentially he utilized the Graph API. By generating the he should not be able to accomplish the feat, but by generating a token for the mobile version of the social network that changed things. "The album got deleted! So i got the key to delete all of your Facebook photos", Muthiya calmly states. Of course he won't do this, he's only proving a point. But that point should be acted upon quickly by the service because, now that it's out there, someone will certainly begin using it "just for fun". Fortunately, it has been fixed, so the need to worry about this is no longer a concern. Facebook also awarded Mr. Muthiyah $12,500 for finding the flaw. http://www.majorgeeks.com/news/stor...elete_photo_albums_from_facebook_(video).html
