Hacker Gets $15,000 Bounty For Solving Major Bug with Facebook 

The hacker managed to crack a major bug in Facebook that could have severely impacted any user. 

S Aadeetya
It’s easier to crack your Facebook login credentials than you thought. (Photo: iStockphoto)

Hackers can make big money by finding backdoors for Facebook, Google, and even Twitter – it helps the companies detect and close security loopholes. The amount is a reflection of the companies’ effort and the risk which has been thwarted.

The Bangalore-based hacker was rewarded with $15,000 by Facebook for cracking a login-related bug which could have had catastrophic implications for users of the social networking site.

What Was the Issue?

Apparently, the hacker, Anand Prakash, was able to infiltrate various Facebook accounts by resetting their passwords, and gave the following details. Facebook has admitted to the breach, and in return awarded him the bounty.

This post is about a simple vulnerability found on Facebook which could have been used to hack into other users’ Facebook accounts easily without any user interaction. This gave me full access to other user accounts by setting a new password.
Anand Prakash, Facebook bounty winner (http://www.anandpraka.sh/)

Facebook Login Under Threat

Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address and Facebook will then send a 6 digit code on his phone number/email address, which can be used in order to set a new password.
Anand Prakash, Facebook bounty winner (http://www.anandpraka.sh/)

But that’s not all. Anand then looked for the same issue on beta.facebook.com and mbasic.beta.facebook.com, and found that rate limiting was missing on the forgot-password endpoints there.
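One way a server can enforce the missing limit, shown as an added example that is not from the article, Anand Prakash's post or Facebook's code: the failed-attempt counter is stored with the 6-digit reset code itself, so the limit applies no matter which hostname handles the request. The class name, the 5-attempt limit and the 10-minute lifetime are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: wrong guesses allowed per issued code
CODE_TTL_SECONDS = 600  # assumed policy: lifetime of an issued code


class ResetCodeStore:
    """In-memory store of pending password-reset codes, keyed by account id.

    The counter is tied to the account and code, not to the front end that
    received the request, so an alternate hostname cannot bypass it.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account_id -> [code, expires_at, failed_attempts]

    def issue(self, account_id):
        """Create a fresh 6-digit code, replacing any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # delivered by SMS/e-mail only, never to the requester

    def verify(self, account_id, guess):
        """Return 'ok', 'wrong', 'locked', or 'invalid' (no code or expired)."""
        entry = self._pending.get(account_id)
        if entry is None:
            return "invalid"
        code, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[account_id]
            return "invalid"
        if failed >= MAX_ATTEMPTS:
            return "locked"  # even the correct code is refused from here on
        if (isinstance(guess, str) and guess.isascii()
                and hmac.compare_digest(code, guess)):
            del self._pending[account_id]  # single use
            return "ok"
        entry[2] = failed + 1
        return "wrong"
```

With one million possible codes, five attempts per issued code leaves a guesser a 5 in 1,000,000 chance; a production service would also limit how often `issue` can be called per account.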

To check the outcome, Anand decided to hack his own account and set a new password for it. After successfully doing so, he used the same password to log in to the account, which set the alarm bells ringing.

Once he alerted Facebook about the discovery, the social networking giant duly replied to Anand and thanked him for his findings.

Here’s what Facebook said to Anand after accepting the loopholes. (Photo Courtesy: Anand Prakash/blog)


Published: 09 Mar 2016,04:06 PM IST
