Arul Kumar, an Indian security researcher, has netted himself $12,500 for finding a critical hole in Facebook that allows anyone to delete pictures from the site.

As he describes in a blog post, the crack requires two legitimate Facebook accounts to work. If a user wants a photo taken down then can opt to mail the request directly, and doing so generates a URL for the image.

What Kumar found was that some of the parameters in the URL can be altered. By redirecting takedown requests, any posted or shared photo could be deleted, all without any notification to the victim.

Kumar contacted Facebook's security team with details about the flaw. A team member said that he had "messed around with this for the last 40 minutes" and the issue wasn't serious enough to fix.

Kumar then sent the team a video showing exactly how the hack could be used to delete the photos. Essentially showing how to delete photo's of Zuckerberg.

"OK, found the bug, fixing the bug. The fix should be live sometime early tomorrow," emailed security team member Emrakul. "I will let you know when it is live so you can retest. Wanted to say your video was very good and helpful, wish all bug reports had such a video ".

Facebook is paying out in this case, as Kumar didn't actually crack anyone's account, and the Indian researcher got $12,500 for the flaw, along with $1,500 for other bugs. It seems showing vulnerabilities in Facebook's Supreme Leader is the way to go if you want to get the security team's attention.