Laxman had discovered a security vulnerability on facebook.
“The vulnerable part is, it just checks the owner of the access token and not the application which is making the request. So it allows any application with user_photos permission to read your mobile photos. “
The vulnerability allows for a user to see the photos you have privatized on your mobile device. Laxman reported this vulnerability and explained how he got there. Facebook responded by rewarding him with $10,000 and putting him on a white-list. It pays to know a thing or two about computer security.