Facebook has rewarded a British man with $20,000 (£13,000) after he found a bug which could have been exploited to hack into users' accounts.
Jack Whitton, a security researcher, discovered a flaw in the social network's text messaging system.
Facebook thanked Mr Whitton, 22, who is part of the site's "responsible disclosure" hall of fame.
The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.
To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.
Such programmes are known as "bug bounties", with similar schemes being run at the likes of Microsoft, Paypal and Google.
The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook's text message verification system into sending a password reset code for an account that was not his.
Using this, he could go to Facebook, reset a target user's password, and access the account.
Jack Whitton, a security researcher, discovered a flaw in the social network's text messaging system.
Facebook thanked Mr Whitton, 22, who is part of the site's "responsible disclosure" hall of fame.
The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.
To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.
Such programmes are known as "bug bounties", with similar schemes being run at the likes of Microsoft, Paypal and Google.
The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook's text message verification system into sending a password reset code for an account that was not his.
Using this, he could go to Facebook, reset a target user's password, and access the account.