Leonov says that he discovered the Facebook flaw accidentally when he was redirected from some other website to Facebook.
"Once upon a time on Saturday in October i (sic!) was testing some big service (not Facebook) when some redirect followed me on Facebook. It was a dialog," he says.
"I am glad to be the one of those who broke the Facebook."
Leonov immediately informed the Facebook security team on 16th October.
Facebook acknowledged the severity of the bug and patched it immediately.
Facebook paid Leonov $40,000 for this bug, which is the highest amount paid by Facebook for any bug.
Facebook has not yet commented on either the bug or the bug bounty paid to Leonov.
source: www.techworm.net