White Hat Shows Exploit to Hack Any Facebook Account

An Indian white hat hacker has revealed a vulnerability that gave him the means to hack into any Facebook user’s account. Being the white hat that he is, the hacker promptly alerted Facebook, which duly granted him a bug bounty of $15,000. It’s a good thing he’s a white hat; he could’ve made millions as a malicious hacker.

Security researcher Anand Prakash from Bangalore, India has revealed a proof-of-concept hack that enabled him to plausibly take over any Facebook user’s profile. The ‘simple vulnerability’, as he called it, was revealed in a blog post that’s scarily titled “How I could have hacked all Facebook accounts.”

In the blog post, the white hat claimed that he gained full access to another user’s Facebook account without the need for any interaction from that user. Access was gained by resetting the account’s password. The flaw, Prakash discovered, was that certain Facebook beta URLs lacked routine cybersecurity measures.

With the exploit, Prakash was able to view a profile’s messages, credit/debit card details stored in the payments section of the profile, personal photos and more. Essentially, he had gained complete access to the account.

The Facebook Hack

Facebook routinely texts or emails a one-time password in the form of a six-digit confirmation code to users who seek to reset their passwords, usually after forgetting the password.

Once the code is delivered, Facebook allows the user a limited number of attempts to enter the code correctly, as a security measure. This is called rate-limiting. It prevents attackers from gaining access to a user’s account by brute force, which is what unlimited attempts to enter the reset code would allow.

While Facebook’s main website unsurprisingly implements rate-limiting, its beta websites (beta.facebook.com) do not. When Prakash discovered this, he proceeded to brute-force the confirmation code with an unlimited number of attempts to gain access to the account. His proof of concept is shown below.

Prakash revealed that he notified Facebook of the vulnerability on February 22nd, and that he verified the fix the very next day. On March 2, a bounty of $15,000 was awarded to the Indian white hat.

For saving the social media company from a huge PR disaster, his alert was worth a whole lot more than the $15,000.
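One way to avoid the gap described above is to keep the failure counter with the reset code itself, keyed by account, so that no hostname can skip the limit. The following Python is an added example, not code from the article, Prakash's post or Facebook; the class name, the limit of five attempts, the ten-minute lifetime and the `example.test` hosts are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed limit; the article does not give Facebook's number
CODE_TTL_SECONDS = 600  # assumed lifetime of a reset code

class ResetCodeStore:
    """Reset codes and failure counters kept in one place, keyed by account."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]
        self.audit = []     # (account, host, result) for detection and review

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"  # six-digit code, as in the article
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # delivered by SMS or email in a real system

    def verify(self, account, guess, host):
        result = self._check(account, guess)
        self.audit.append((account, host, result))  # host is recorded, never decides
        return result

    def _check(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_pending_code"
        code, expires_at, failed = entry
        if self._clock() > expires_at:
            del self._pending[account]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"  # a fresh code must be requested
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[2] = failed + 1
        return "wrong"

def demo():
    """Constructed scenario: wrong guesses alternate between two front ends."""
    store = ResetCodeStore()
    code = store.issue("alice")
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    hosts = ["www.example.test", "beta.example.test"] * 3
    results = [store.verify("alice", wrong, h) for h in hosts]
    # Even the correct code is refused once the account's code is locked.
    results.append(store.verify("alice", code, "beta.example.test"))
    return results
```

Because the counter lives beside the code, the sixth guess is refused whichever front end carries it, and the audit list shows the failures per host for monitoring.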


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.