An Indian security researcher has found a remarkably simple way to take over any Facebook user account. Thankfully, Anand Prakash, a security engineer from Bangalore, is a “white hat” hacker: he reported the flaw to Facebook straight away, and the report earned him a $15,000 bug bounty.
In a blog post – with the provocative title “How I could have hacked all Facebook accounts” – Prakash explained the process he used, including a proof-of-concept video. In short, he brute-forced the password reset code – a six-digit number sent to the user’s phone or e-mail, so only one million possible values – against the beta version of Facebook (beta.facebook.com), which allowed unlimited attempts without ever locking him out. Once the correct code was accepted he could set a new password of his own choosing, which is all an attacker would need to log in to any other user’s account.
“Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address on https://www.facebook.com/login/identify?ctx=recover&lwv=110, Facebook will then send a 6-digit code on his phone number/email address which user has to enter in order to set a new password,” Prakash wrote. “I tried to brute the 6-digit code on www.facebook.com and was blocked after 10-12 invalid attempts.”
“Then I looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com and interestingly rate limiting was missing on forgot password endpoints,” he added. “I tried to take over my account (as per Facebook’s policy you should not do any harm on any other user’s account) and was successful in setting a new password for my account. I could then use the same password to log in to the account.”
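The mechanics above are easy to reproduce in miniature. The following is an added example written for this page, not code from Prakash’s post or from Facebook: a toy forgot-password verifier that can run either without a rate limit (as the beta hosts did) or with a per-account attempt counter, plus an attacker loop that walks the whole six-digit keyspace. The account name, the lockout threshold of 10 (chosen to mirror the 10-12 attempts the post reports on www.facebook.com) and the class and function names are all assumptions made for the demo.

```python
import hmac
import secrets
from typing import Optional, Tuple

CODE_DIGITS = 6
KEYSPACE = 10 ** CODE_DIGITS   # a 6-digit code has only one million possible values
MAX_ATTEMPTS = 10              # assumed lockout threshold for the hardened variant


class ResetService:
    """Toy forgot-password verifier (not Facebook's code).

    rate_limited=False mimics the unprotected beta endpoints described in the post.
    rate_limited=True ties an attempt counter to the issued code, so the limit
    holds no matter which hostname fronts the same backend.
    """

    def __init__(self, rate_limited: bool):
        self.rate_limited = rate_limited
        self._pending = {}        # account -> [code, attempts_used]
        self.verify_calls = 0     # how many guesses the server actually processed

    def request_reset(self, account: str, code: Optional[str] = None) -> str:
        """Issue a fresh code for `account`. In reality the code goes to the user's
        phone or e-mail; it is returned here only so the demo can inspect it.
        `code` may be fixed by the caller to make a run deterministic."""
        if code is None:
            code = f"{secrets.randbelow(KEYSPACE):0{CODE_DIGITS}d}"
        self._pending[account] = [code, 0]
        return code

    def verify(self, account: str, guess: str) -> bool:
        """Return True and consume the code on a correct guess, otherwise False."""
        self.verify_calls += 1
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, attempts = entry
        if self.rate_limited and attempts >= MAX_ATTEMPTS:
            return False          # locked: even the right code is refused now
        entry[1] += 1
        if hmac.compare_digest(code, guess):   # constant-time comparison
            del self._pending[account]         # single use
            return True
        return False

    def is_locked(self, account: str) -> bool:
        entry = self._pending.get(account)
        return bool(self.rate_limited and entry and entry[1] >= MAX_ATTEMPTS)


def brute_force(service: ResetService, account: str) -> Tuple[Optional[str], int]:
    """Attacker role: submit every 6-digit value in order against the reset
    endpoint. Returns (recovered code or None, number of guesses sent)."""
    for n in range(KEYSPACE):
        guess = f"{n:0{CODE_DIGITS}d}"
        if service.verify(account, guess):
            return guess, n + 1
    return None, KEYSPACE


if __name__ == "__main__":
    for limited in (False, True):
        svc = ResetService(rate_limited=limited)
        issued = svc.request_reset("victim@example.com")   # constructed test account
        found, sent = brute_force(svc, "victim@example.com")
        print(f"rate_limited={limited}: issued {issued}, recovered {found} after {sent} guesses")
```

Without the limit the loop always recovers the code, on average after half a million requests, which is trivial for a script. With the limit the same loop burns its ten attempts and every later guess, including the correct one, is refused until a fresh code is requested. The design point the beta bug illustrates is that the counter has to live with the code or the account, not with the web front end: a limit enforced only by www.facebook.com does nothing if beta.facebook.com or mbasic.beta.facebook.com reach the same reset backend without it.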
According to his blog, Prakash discovered the vulnerability on 22nd February and received his $15,000 reward from Facebook on 2nd March. Facebook has yet to confirm the details of Prakash’s blog post.