Jack Whitton found a flaw that could have allowed an attacker to compromise the account of another user by spoofing Facebook's text message verification system into sending a password reset code for an account that wasn't it.
Facebook has a White Hat system (responsible disclosure) where bug hunters find and report flaws for reward, rather than making them public or selling the information to cybercriminals.
"Facebook's White Hat programme is designed to catch and eradicate bugs before they cause problems," Facebook told the BBC.
"Once again, the system worked and we thank Jack for his contribution."
Written by: James Delahunty @ 29 Jun 2013 4:30