This hacker discovered a way to break into any Facebook account
For about 72 hours, Anand Prakash had the ability to get into any Facebook account he pleased.
Luckily Prakash, a hacker who lives in India, reported the scary vulnerability to Facebook directly in return for a $15,000 payout. In a blog post on Monday, he outlined how he "could have hacked all Facebook accounts."
Here's how he did it.
When you forget your Facebook account password, you're able to request a reset by entering your email address or phone number on the social network's website. A 6-digit temporary login PIN is then sent to the email address or phone number you entered to let you reset the password.
Prakash tried to keep guessing the temporary 6-digit PIN on Facebook's website, but he was blocked after 10-12 attempts. Then he tried the same thing on Facebook's beta site, which is used by developers to test apps on the platform.
Because you can still log into any account on beta.facebook.com, Prakash tried guessing the 6-digit PIN there and discovered that, unlike on Facebook's normal website, no maximum number of attempts was set. That allowed him to brute-force the PIN by quickly entering every possible number combination from his computer.
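The gap described above came down to one front end not enforcing the attempt limit that the main site did. As an added example (not Facebook's code and not taken from Prakash's post), here is a reset-code verifier that ties the attempt budget to the account, so the host serving the request cannot change it; `ResetCodeStore`, `MAX_ATTEMPTS` and the host labels are assumptions made for illustration.

```python
import hmac
import secrets

MAX_ATTEMPTS = 10   # assumed cap, in line with the 10-12 tries the main site allowed
CODE_DIGITS = 6


class ResetCodeStore:
    """Hypothetical server-side store for password-reset PINs.

    Failed-attempt counters are keyed by account only, so every front end
    (main site, beta host, mobile API) draws from the same budget.
    """

    def __init__(self):
        self._pending = {}   # account_id -> [code, failed_attempts]
        self.audit = []      # (account_id, host, result) for detection and review

    def issue(self, account_id):
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[account_id] = [code, 0]   # a new code resets the counter
        return code                             # delivered out of band (e-mail or SMS)

    def verify(self, account_id, guess, host):
        # `host` is recorded for auditing only; it never selects a different limit.
        result = self._check(account_id, guess)
        self.audit.append((account_id, host, result))
        return result

    def _check(self, account_id, guess):
        entry = self._pending.get(account_id)
        if entry is None:
            return "no_active_code"
        if hmac.compare_digest(entry[0].encode(), guess.encode()):
            del self._pending[account_id]       # codes are single use
            return "ok"
        entry[1] += 1
        if entry[1] >= MAX_ATTEMPTS:
            del self._pending[account_id]       # burn the code; a new one must be requested
            return "locked"
        return "wrong"


def guess_success_probability(attempts=MAX_ATTEMPTS):
    """Chance that `attempts` distinct guesses hit one uniformly random PIN."""
    space = 10 ** CODE_DIGITS
    return min(attempts, space) / space
```

With the cap enforced everywhere, ten guesses against a 6-digit code succeed with probability 10 in 1,000,000; without it, the whole code space can be tried.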
"I tried to takeover my account (as per Facebook's policy you should not do any harm on any other users account) and was successful in setting new password for my account," he wrote on his blog. "I could then use the same password to login in the account."
Prakash immediately reported his findings to Facebook and was awarded a $15,000 bounty for discovering the bug. It's common practice for major tech companies to pay bounties like that when hackers discover critical bugs and report them to the proper people.
"One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production," a Facebook spokesperson told Tech Insider. "We're happy to recognize and reward Anand for his excellent report."