A hacker was able to view people's personal details, including credit card information, by hacking into their Facebook accounts using basic software.
Anand Prakash in Bengaluru, India, highlighted the bug, which has now been fixed, that allowed him to view users' personal photos and messages.
A spokesperson for Facebook told the Huffington Post UK that the bug was introduced to the beta version of the site during software changes.
Had this version rolled out to the general public, hackers would have little trouble getting into people's accounts.
Writing on his blog, Prakash said:
"This post is about a simple vulnerability found on Facebook which could have been used to hack into other user's Facebook account easily without any user interaction. This gave me full access of another users account by setting a new password.
"I was able to view messages, his credit/debit cards stored under payment section, personal photos etc.
"Facebook acknowledged the issue promptly, fixed it and rewarded $15,000 USD considering the severity and impact of the vulnerability."
Facebook will only let you enter incorrect passwords a certain number of times.
However, according to the Telegraph, Prakash used a program called Burp Suite which allowed him try various number combinations until he landed on the right one.
All a hacker would need he said, is the account holder's name.
After alerting Facebook, Prakash was promptly rewarded $15,000 (£10,600).
"One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production," Facebook told us.
"We're happy to recognise and reward Anand for his excellent report."