Security researcher Stephen Sclafani has discovered a critical one vulnerability in popular by clicking here of social network, Facebook, which allows him to violate anyone account.
Stephen just needs it name user to hack into an account and read mail, view email addresses, create or delete notes etc.
As he explains in his blog, an incorrect setting at the endpoint makes it possible to make legitimate REST API calls to each user on Facebook, using only their user name.
Facebook REST API is said to be the predecessor of the available Graph API. He managed to send a request to the server using this API to update the status of the victim's account.
Stephen discovered this vulnerability on 23 April and reported it to Facebok. After updating, Facebok temporarily corrected the April 30 error. Facebok rewarded the researcher for giving him a 20.000 fee for finding and reporting the bug.