Naija Talk community
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Naija Talk community

Ghana Lotto Results, F-t-a Satellite Technology, Sport forcast, ICT forum.
 
HomePublicationsSearchRegisterLog in

 

 Hacker reveals how he could take over any Facebook account and change its password

Go down 
AuthorMessage
youngswagger
Amateur
Amateur


Sex : male
Posts : 472

Hacker reveals how he could take over any Facebook account and change its password  Empty
PostSubject: Hacker reveals how he could take over any Facebook account and change its password    Hacker reveals how he could take over any Facebook account and change its password  Empty2016-03-10, 22:00



A computer programmer has revealed how he was able to hack into any Facebook account using relatively simple software.

Anand Prakash, a product security engineer at Indian ecommerce company Flipkart, said he was able to access accounts without a password by using a common “brute force” cyber-attack on the Facebook website.

The flaw left Facebook’s 1.6 billion users at risk, although it only existed in the wild for around two days before it was discovered, and was quickly rectified.

When a Facebook user loses their password, they are asked to enter their email address, username or phone number, and are then sent a six-digit code which they can use to log in on the Facebook website.

[You must be registered and logged in to see this image.]
Facebook's security page when users forget their password

As with a password, Facebook tries to stop hackers guessing this code by repeatedly entering different combinations, locking the process after a certain number of guesses.

But Prakash found that Facebook’s beta website, which is used by software developers but lets anyone log in, did not have the same restrictions.

Using a program called Burp Suite, he was able to rapidly try all possible combinations until he found the correct code, allowing him to log in, enter a new password and log out other devices using the Facebook account. He demonstrated the flaw to show how he was able to log into his own Facebook profile, and access private information including messages and credit card numbers.

Prakash told The Telegraph the vulnerability was “very easy to exploit” and that “this hack was available to everyone”. He said that all that a potential hacker needed was a Facebook member’s username, which can be found publicly by searching for their Facebook profile (Mark Zuckerberg’s, for example, is “zuck”).

Luckily, Prakash alerted Facebook to the flaw, which rewarded him with a $15,000 (£10,500) reward, and fixed it in February.

The vulnerability was introduced by a Facebook update around two days earlier, and was fixed a day after Prakash reported it, but allowed anyone to potentially exploit it.

Professor Alan Woodward, a cybersecurity expert at the University of Surrey, said the simplicity of the hack was worrying.

“It was surprisingly simple, you’d have thought someone would have picked up on it now,” he said. “You would think sites would allow you to have five attempts and then lock you out, it’s pretty standard practice.”

A Facebook spokesman said: "One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production. We're happy to recognize and reward Anand for his excellent report."

[You must be registered and logged in to see this link.]
Back to top Go down
donT72
Enthusiast
Enthusiast


Sex : male
Posts : 1849

Hacker reveals how he could take over any Facebook account and change its password  Empty
PostSubject: Re: Hacker reveals how he could take over any Facebook account and change its password    Hacker reveals how he could take over any Facebook account and change its password  Empty2016-03-12, 06:56

Good.
Back to top Go down
delafirst
Leader
Leader


Sex : mele
Posts : 5418
Location : Accra

Hacker reveals how he could take over any Facebook account and change its password  Empty
PostSubject: Re: Hacker reveals how he could take over any Facebook account and change its password    Hacker reveals how he could take over any Facebook account and change its password  Empty2016-03-12, 07:14

Nice one... FB
Back to top Go down
Sponsored content




Hacker reveals how he could take over any Facebook account and change its password  Empty
PostSubject: Re: Hacker reveals how he could take over any Facebook account and change its password    Hacker reveals how he could take over any Facebook account and change its password  Empty

Back to top Go down
 
Hacker reveals how he could take over any Facebook account and change its password
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Naija Talk community :: TECHNOLOGY-
Jump to: