A British man has been given a $20,000 (£13,000) reward from Facebook for highlighting a bug in the social network's text messaging system.
Jack Whitton found that he could "spoof" Facebook's text message verification system, tricking it into sending him a password reset code for another person's account.
Researchers like Whitton are known in online security circles as "white hat hackers"; those who discover security faults in software, but pass their information onto relevant parties, rather than let it fall into the wrong hands.
On the other side of the coin, "black hat" hackers will hone their skills in order to sell their services to cybercriminal organisations.
Facebook, like many of the other major online organisations, offer monetary rewards, known as "bug bounties", to researchers for bringing the security flaws to their attention, instead of selling the information on to cyber criminals.
Speaking to the BBC, security expert Graham Cluley said Facebook should be "extremely grateful" that Whitton chose to report the bug to them, rather than use it for criminal gain.
Cluley said: "Imagine if he were a black hat hacker, one of the bad guys, if he were to offer his services to criminals saying any online account they wanted breaking in to, he could do it. It could have been worth an awful lot more money.
He added that this "terrible" security flaw "should never have existed."
"It's a gaping hole, thank goodness it's closed now," he said. "We really are relying on the goodwill of researchers."
A Facebook spokesperson said: "Facebook's White Hat programme is designed to catch and eradicate bugs before they cause problems. Once again, the system worked and we thank Jack for his contribution."