Bad news for social media addicts – it turns out that it’s super simple for hackers to wheedle their way into your Facebook account and learn all your secrets.
Anand Prakash, a security researcher from Bangalore, India, recently unearthed something called the ‘Password Reset Vulnerability,’ which The Hacker News described as: “A simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a six-digit code and reset any account’s password.”
Basically, you know that six-digit code Facebook sends you when you want to change your account’s password? Well, normally after too many tries Facebook blocks you. That is, unless you used the social networking giant’s beta sites, where there was no limit.
This brute force method (so called because it’s about as subtle as throwing a brick through a shop window) allowed Prakash to launch attacks against any Facebook account, setting a new password and taking complete control of it.
Unfortunately for any would-be hackers, Prakash was a good Samaritan and told the social media giant about the vulnerability, and they fixed it.
He was then presented with a $15,000 (£10,500) award for his efforts by the grateful company, which, considering he had just shown them a colossal hole in their security network, seems like a relatively small amount.
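The gap described above came from an attempt limit that applied on the main site but not on the beta sites. As an added illustration (not Facebook's code and not from the original article), here is one way to keep the failure counter with the reset code itself, so every front end shares it. The class name, host names, attempt limit and expiry time are all assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
CODE_TTL = 600     # assumed policy: seconds before an issued code expires


class ResetCodeStore:
    """Pending reset codes, with the failure counter stored per account.

    The limit lives next to the code, not in a per-site front end, so a
    secondary hostname cannot be used to get a fresh set of guesses.
    """

    def __init__(self, clock=time.monotonic):
        self._pending = {}
        self._clock = clock

    def issue(self, account):
        """Create a new six-digit code, replacing any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = {
            "code": code, "fails": 0, "expires": self._clock() + CODE_TTL}
        return code

    def verify(self, account, guess, host):
        """Check a guess. `host` is accepted but never used for limiting."""
        entry = self._pending.get(account)
        if entry is None or self._clock() > entry["expires"]:
            self._pending.pop(account, None)
            return "no_valid_code"
        if entry["fails"] >= MAX_ATTEMPTS:
            return "locked"          # even the right code is refused now
        if hmac.compare_digest(entry["code"].encode(), guess.encode()):
            del self._pending[account]   # single use
            return "ok"
        entry["fails"] += 1
        return "locked" if entry["fails"] >= MAX_ATTEMPTS else "wrong"
```

A locked code stays locked until it expires or a new one is issued, so issuing new codes needs its own limit as well.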
The Hacker News