Facebook is one of the most popular social networking platforms; it lets you share videos and images and chat with your friends and loved ones. The site is easy to use, which is why people get addicted to it. Some even use Facebook as a haven for unauthorized activities. Because of such forbidden and disgusting practices by some blockheads, the meaning of Facebook has gradually been transforming completely. Along with its growing popularity, Facebook is also attracting extensive attention from hackers.
Sometimes you might wonder how some people have successfully hacked a Facebook account. In fact, when you hack someone’s Facebook account, it gives you an impression of being powerful. Almost every Facebook user holds a great passion for mastering the art of hacking Facebook. Here’s a detailed procedure that helps you to hack any Facebook account. Yes, you heard it right! Check out the process!
Hack Facebook Account
Hacking a Facebook account is one of the most common queries among Internet users today. It’s quite arduous to figure out a way to hack into someone’s Facebook account, but a Facebook user actually did it. A security researcher discovered a ‘simple vulnerability’ in the social network that enabled him to effortlessly hack into any Facebook account, and upon hacking the account he could do the following:
- View message conversations
- Post anything on the victim’s wall
- View payment card details
You can do whatever the real account holder can. Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical flaw that could have given an attacker unlimited attempts to brute-force a 6-digit code and reset any Facebook account’s password.
How Does the Flaw Work?
The password reset vulnerability resides in the way Facebook’s beta domains manage ‘Forgot Password’ requests. Facebook lets users change their account password through the Password Reset method by authenticating their account with a 6-digit code received via email or text message. To verify that the user is genuine, Facebook lets the account holder try only a handful of codes before the confirmation code is blocked by the brute-force protection that restricts the number of attempts.
However, according to a blog post published by Prakash, the security researcher discovered that the social media giant had not implemented rate limiting in its password reset method on the beta sites beta.facebook.com and mbasic.beta.facebook.com. He attempted to brute-force the 6-digit code in the ‘Forgot Password’ window on the Facebook beta pages and noticed that no limit was set on the number of attempts for those pages.
Here’s the offender:
As per the explanation of the security researcher, the vulnerable POST request in the beta pages is:
Successfully brute-forcing the ‘n’ allowed the researcher to set a new password for any Facebook account, gaining complete control of it.
The security researcher, Prakash (@sehacure), discovered the vulnerability last month and reported it to Facebook on February 22. The social network giant fixed the issue the following day and paid him $15,000 as a reward, considering the severity and impact of the vulnerability.
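A server-side sketch of the control that was missing on the beta hosts, added here as an example and not taken from Prakash's post or from Facebook's code: the failure counter lives with the account's pending reset code in shared state, so a guess submitted through a beta host counts against the same limit as one submitted through the main site. `MAX_ATTEMPTS`, the class and method names, and the `example.test` hosts are assumptions made for illustration.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed value; the article only says "a handful"


class ResetCodeVerifier:
    """Attempt limit keyed on the account, never on the host that served the form."""

    def __init__(self):
        # Stands in for a store shared by every front end, beta hosts included.
        self._pending = {}  # account -> {"code": str, "failures": int}

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"  # 6-digit code sent by email/SMS
        self._pending[account] = {"code": code, "failures": 0}
        return code

    def verify(self, account, submitted, host):
        # `host` is accepted only to show that it plays no part in the decision.
        entry = self._pending.get(account)
        if entry is None:
            return "no_pending_reset"
        if entry["failures"] >= MAX_ATTEMPTS:
            return "locked"  # even the correct code is refused; a new one must be issued
        if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
            del self._pending[account]  # codes are single use
            return "ok"
        entry["failures"] += 1
        return "wrong_code"


def demo():
    """Wrong guesses arrive via a beta host; the right code then arrives via the main host."""
    verifier = ResetCodeVerifier()
    code = verifier.issue("alice")  # constructed account name
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    results = [verifier.verify("alice", wrong, "beta.example.test")
               for _ in range(MAX_ATTEMPTS)]
    results.append(verifier.verify("alice", code, "www.example.test"))
    return results


if __name__ == "__main__":
    print(demo())
```

With the limit enforced this way, a 6-digit code gives a guesser at most `MAX_ATTEMPTS` tries out of 1,000,000 possibilities per issued code, whichever host the request reaches.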