Facebook is one of the most popular social networking platforms, where you can share videos, images, and text with your friends and family. The site is open to everyone, which is why people can get addicted to it, and why some of them even use Facebook as a haven for illicit activities.
Watch the first 60 seconds of this YouTube video, which shows How to Hack a Facebook Account, and then come back to the article, where we walk through the Facebook confirmation code hack step by step.
Forbidden hacking practices such as the Facebook 6-digit confirmation code hack, carried out by malicious users, have gradually changed what Facebook means to people. With its growing popularity, Facebook has drawn heightened attention from hackers.
Anyone who uses Facebook might be curious about how this happens so often. Here’s a detailed guide that explains how Facebook accounts are hacked. Yes, you read that right! Check out the process below.
Hack a Facebook Account
How to hack a Facebook account is a common question among internet users today, and it is quite hard to figure out how to get into someone’s account. What happened here was that a security researcher discovered a ‘simple vulnerability’ in the social network that would have let him get into any Facebook account with little effort. Once inside someone’s account, a hacker can do the following:
- View message conversations
- Post anything on the victim’s wall
- View payment card details
You can do whatever the real account holder can do. Facebook bug bounty hunter Anand Prakash from India recently discovered a password reset vulnerability. It is a simple yet critical flaw that would have given an attacker unlimited opportunities to brute force a 6-digit code. Had he not discovered this bug, a hacker would have been able to reset people’s passwords on Facebook.
How Does the Flaw Work?
The password reset vulnerability resides in the way Facebook’s beta domains handle ‘Forgot Password’ requests. Facebook lets users change their account password through the password reset flow by authenticating with a 6-digit code received via email or text message.
To confirm that the request really comes from the account holder, Facebook lets the user try only a handful of codes before blocking the confirmation code. This is Facebook’s built-in brute force protection, which restricts the number of attempts.
However, the security researcher Prakash discovered that the social media giant had not implemented rate limiting in the password reset flow on its beta sites, beta.facebook.com and mbasic.beta.facebook.com. He tried brute forcing the 6-digit code in the ‘Forgot Password’ window on the beta pages and soon noticed that Facebook had set no limit on the number of attempts there.
Here’s the offending bug:
As per the explanation of the security researcher, the vulnerable POST request in the beta pages is:
Brute forcing the ‘n’ value let the researcher set a new password on any Facebook account, which in theory would have given him complete control of that account.
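As an added illustration that is not part of the original article or of Facebook’s own code, here is a hypothetical reset-code verifier showing the defence the beta pages were missing: one guess budget per account, shared by every front-end host that serves the flow, plus a short lifetime and single use. The account ids, host names, attempt limit and lifetime are assumed values.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5          # wrong guesses allowed before the code is thrown away
CODE_TTL_SECONDS = 600    # a reset code only lives for 10 minutes (assumed value)


class ResetChallenge:
    def __init__(self, code, issued_at):
        self.code = code
        self.issued_at = issued_at
        self.attempts = 0
        self.revoked = False
        self.hosts_seen = set()   # which front ends handled guesses (for audit)


class ResetCodeService:
    """Issues and verifies 6-digit password reset codes.

    Hypothetical design, not Facebook's code. The attempt counter is stored
    per account, not per front-end host, so beta.facebook.com and
    www.facebook.com share one limit and neither can be used to bypass it.
    """
    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges = {}

    def issue(self, account_id):
        # CSPRNG-derived, zero-padded so every value in 000000..999999 is possible
        code = f"{secrets.randbelow(10**6):06d}"
        self._challenges[account_id] = ResetChallenge(code, self._clock())
        return code   # a real system sends this by email/SMS, never in the response

    def verify(self, account_id, submitted, host):
        ch = self._challenges.get(account_id)
        if ch is None or ch.revoked:
            return False
        ch.hosts_seen.add(host)
        if self._clock() - ch.issued_at > CODE_TTL_SECONDS:
            ch.revoked = True          # expired: user must request a new code
            return False
        ch.attempts += 1
        if ch.attempts > MAX_ATTEMPTS:
            ch.revoked = True          # budget exhausted: even the right code fails now
            return False
        if hmac.compare_digest(ch.code.encode(), submitted.encode()):
            ch.revoked = True          # single use
            return True
        return False
```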
Prakash (@sehacure) discovered the vulnerability last month and reported it to Facebook on February 22. The social media giant fixed the issue the very next day and paid him $15,000 USD as a reward, considering the severity and consequences of the vulnerability.