• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs

2

Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998

3

Economists have found an answer to slowing cognitive decline: Avoid retiring early, study finds

1

Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs

2

Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998

3

Economists have found an answer to slowing cognitive decline: Avoid retiring early, study finds
TechBusinessperson of the Year

Facebook Awards Server-Crushing Hacker With Its Biggest Ever Bounty

Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
January 19, 2017, 2:20 PM ET
Facebook Said to Boost IPO By 25% To 421 Million Shares
A man stands in front of a monitor displaying the Facebook Inc. website in this arranged photograph in Tokyo, Japan, on Wednesday, May 16, 2012. Facebook Inc. is boosting the number of shares for sale in its initial public offering to 421 million, letting it raise as much as $16 billion, two people with knowledge of the deal said. Photographer: Tomohiro Ohsumi/Bloomberg via Getty ImagesTomohiro Ohsumi—Bloomberg via Getty Images
Add Fortune on Google for similar content.

Facebook has awarded a white hat hacker its biggest ever bounty for reporting a severe vulnerability affecting the company’s servers.

Facebook paid Andrew Leonov, a Russian security researcher, $40,000 for discovering that Facebook was susceptible to a “remote code execution” flaw in ImageMagick, a popular open-source software tool for editing photos. The flaw would have allowed hackers to hide computer-compromising code in image files that they upload to the site.

Originally discovered last spring, the bug affected countless websites using the ubiquitous photo-tweaking software ImageMagick. Facebook’s security team attempted to patch the issue last year, but Leonov found that he could circumvent the fix that the team had put in place.

Get Data Sheet, Fortune’s technology newsletter.

To fix the vulnerability, Facebook’s engineers, like many others, simply added rules to its web application firewall, a tool that monitors, filters, and blocks Internet traffic. The measure was not foolproof, as Leonov figured out months later.

The revelation came one Saturday in October when Leonov was poking around “some big service (not Facebook),” he wrote in a recent post on his personal blog. His suspicions were piqued after he was redirected to the social network by way of a “share on Facebook” pop-up box and, for some reason, a picture failed to render properly.

Initially, Leonov assumed the problem related to a type of vulnerability that lets attackers create requests from servers behind firewalls. He kept digging until he realized the real problem.

For more on Facebook and hackers, watch:

Facebook had used a vulnerable ImageMagick library in its image converter, Leonov found. He then devised a way to bypass the network’s firewall defenses with some code of his own, and he reported the problem to Facebook on Oct. 16.

Within three days, Facebook had patched the hole. By early November, Leonov had received his reward through Bugcrowd, a bug bounty startup that counts Fiat Chrysler (FCAU), Western Union (WU), and Twilio (TWLO) among its customers.

“I am glad to be the one of those who broke the Facebook,” Leonov wrote, celebrating the achievement on his blog.

https://twitter.com/alexstamos/status/821415424558440448

“Great bug from a responsible reporter,” Alex Stamos, Facebook’s information security chief, said in a post on Twitter this week.

Facebook confirmed with Fortune that this is the company’s largest bug bounty payout to date. A spokesperson said that the company was unaware of anyone exploiting the issue before Leonov’s report.

Facebook’s next highest payout for a bug bounty was $35,000 in January 2014. The company awarded the sum to Reginaldo Silva, a Brazilian security researcher who discovered a different remote code execution flaw that affected the site’s login process.

Facebook has long lauded the efficacy of bug bounties, having paid more than $5 million to ethical hackers since debuting its program in 2011. Other organizations such as Microsoft, Google, Uber, Apple, and even the United States Department of Defense, sponsor bug bounty programs, too.

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

Chad Hurley and Steven Chen wearing suits
SuccessWealth
YouTube’s founders split over $650 million when they sold to Google in 2006—had they held out, they could have taken a slice of $550 billion
By Preston ForeJuly 3, 2026
4 hours ago
ds
CommentarySoftware
I argued with the father of open source for 2 years. Now the AI fight is the same — only bigger
By David SiegelJuly 3, 2026
7 hours ago
ashok
Commentary250 Years of Innovation
The greatest startup in history: What we can learn from America’s founders at today’s AI frontier
By Ashok N. SrivastavaJuly 3, 2026
7 hours ago
2
Commentary250 Years of Innovation
America’s secret weapon isn’t just innovation — It’s the freedom to fail
By Keith KrachJuly 3, 2026
9 hours ago
A $75 billion valuation, 75 million global customers and on its way to America—Revolut is London’s disruptor extraordinaire
EuropeLetter from London
A $75 billion valuation, 75 million global customers and on its way to America—Revolut is London’s disruptor extraordinaire
By Kamal AhmedJuly 3, 2026
9 hours ago
Man in a black hat and jacket
InvestingSpace Exploration
Elon Musk can’t sell a single SpaceX share for a year—and then all the locks crack open at once
By Amanda GerutJuly 3, 2026
9 hours ago

Most Popular

Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs
Law
Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs
By Wyatte Grantham-Philips and The Associated PressJuly 2, 2026
1 day ago
Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998
AI
Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998
By Nick LichtenbergJuly 3, 2026
12 hours ago
Economists have found an answer to slowing cognitive decline: Avoid retiring early, study finds
Economy
Economists have found an answer to slowing cognitive decline: Avoid retiring early, study finds
By Sasha RogelbergJuly 2, 2026
1 day ago
On Wall Street, analysts increasingly don’t believe the U.S. government’s 'misleading' job numbers
Economy
On Wall Street, analysts increasingly don’t believe the U.S. government’s 'misleading' job numbers
By Jim EdwardsJuly 3, 2026
8 hours ago
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
Success
Mark Zuckerberg feeds his cows macadamia nuts and beer to create the 'highest-quality beef in the world' on his $300 million estate in Hawaii
By Sasha RogelbergJuly 2, 2026
1 day ago
Current price of oil as of July 2, 2026
Personal Finance
Current price of oil as of July 2, 2026
By Joseph HostetlerJuly 2, 2026
1 day ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.