Hacker reveals how to hack any Facebook account.

• March 9, 2016 20:50

A vulnerability on the world's largest social network allowed users to obtain passwords for any account. This bug has now been patched.

Indian hacker Anand Prakash discovered a seemingly simple vulnerability that exists on a system as large as Facebook. Using his method, anyone can steal other people's accounts without needing in-depth IT knowledge.

hacker-he-lo-cach-hack-moi-tai-khoan-facebook

Facebook's Password Reset page.

Anand Prakash used Facebook's password recovery mechanism, and normally, when this request is made, the social network will return a 6-digit code to the account holder's email or phone number. Since he didn't have this code, he proceeded to "brute force"—trying each digit sequentially using automated software.

Of course, Facebook is perfectly capable of setting limits on the number of failed attempts. However, on beta.facebook.com and mbasic.facebook.com, the company "forgot" to set this limit, allowing hackers to try as many times as they want.

By successfully exploiting this vulnerability,Anand Prakash obtained the password and was able to log into any Facebook account without knowing the old password.

hacker-he-lo-cach-hack-moi-tai-khoan-facebook-1

Facebook announced a $15,000 reward for Anand's discovery.

A vulnerability in the system of the world's largest social network was discovered in February, and he reported it to Facebook. In response, Facebook recently rewarded him.Anand Prakash received $15,000 for discovering the bug, and of course, the vulnerability was patched before it was published.

According to VNE

RELATED NEWS
Facebook's live video streaming feature How to check if your Android device has been hacked. By the end of the 21st century, Facebook will be the world's largest virtual cemetery.