Friday, March 29, 2024
HomeTechnologyNewsIndian hacker finds bug in Facebook login, get rewarded with $15000

Indian hacker finds bug in Facebook login, get rewarded with $15000

- Advertisement -

Bengaluru-based Anand Prakash found a vulnerability on Facebook which could have been used to hack into any user account easily without any user interaction. This could give full access to view messages, credit/debit cards stored under payment section, personal photos and much more.

facebook-hackAccording to a post on Prakash’s blog, he stated that, “Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address and Facebook will then send a 6 digit code on his phone number/email address, which can be used in order to set a new password.” He added that he tried to brute the 6 digit code on Facebook and was blocked after 10-12 invalid attempts.

Prakash looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com and found that rate limiting was missing on ‘forgot password’ endpoints. He tried to takeover his own account and was successful in setting new password for it as well. With this method, he could then use the same password to login in the account.

Facebook, on its part, acknowledged the issue promptly and fixed it. The hacker was rewarded $15,000 (approximately Rs 10 lakh) considering the severity and impact of the vulnerability.

(With Firstpost Inputs)

- Advertisement -
- Advertisement -
- Advertisement -

Latest

Must Read

- Advertisement -

Related News