Impact This could allow a malicious user to see private videos provided the malicious user knew the video FBID Endpoint — https://developers.facebook.com/v2/async/videos/?video_id=xxxxxxxxx This endpoint returned video source of any Facebook video either it was shared in message, story or at workplace. Timeline: Reported — 18 Nov , 2018 Fixed — 20 Nov , 2018 Bounty — 16Janaury , 2019

Description : We can add an Instagram account to a Facebook Page having a role on the page as an admin or editor. …

If you believe your account has been compromised by another person or a virus, To help keep your Facebook account secure, Facebook will take you through a few steps to change your password and make sure any recent changes to your account came from you. Link — https://www.facebook.com/hacked POC Video- /hacked feature added an unconfirmed email address on my account. Impact — This could have allowed malicious users to take over any emails not confirmed on Facebook and this could potentially allow a malicious individual to access third party apps which rely on Facebook account verification of email.