This Is How Easy It Was For Anand Prakash To Hack Your Facebook Account…
Anand Prakash Demonstrated How He Could Hack Any Facebook Account
It’s becoming a very frequent discussion. With more and more of us signing up for multiple social media accounts, hackers are turning their attention to the social networks’ users in an attempt to gain sensitive information.
As a result, Anand Prakash (a security researcher from Bangalore, India) recently demonstrated to Facebook how he was able to gain access to any user’s account with one very simple trick.
Dubbed the ‘Password Reset Vulnerability’, the hacker information site Hacker News described it as a simple and critical vulnerability which was found by the right person.
If you weren’t aware, Facebook now sends you a 6-digit passcode should you wish to reset your password. This is sent to your email or phone number on file.
In theory, it would be extremely hard and time-consuming for a hacker to gain access to your email or phone in an attempt to hijack the code.
Facebook enforces a limit on the number of times you can enter this 6-digit code before it locks you out, so guessing it would be out of the question.
Well, not entirely true.
Guessing it is EXACTLY what Anand Prakash achieved with a simple bit of software and a small but vital loophole.
In what is known as a brute-force attack, a program was set to run and attempt every single combination of the 6-digit passcode until one was accepted. This amounts to 1,000,000 possibilities.
Now, remember we said Facebook gives you a number of tries before it locks you out? Well, this is true.
What Anand Prakash discovered, though, is that this wasn’t true for Facebook’s beta sites. These are versions of Facebook which use the same user accounts but run on preview sites for testers and developers of Facebook’s platform.
As a result, Anand was able to run the software on any account and gain access.
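The loophole comes down to where the attempt limit is enforced: on some sites only, or on the account itself. The following is an added example, not Facebook's code and not part of the original article, which puts a reset-code check that enforces the limit on only some hosts beside one that counts failures per account on every host. The class and function names, the limit of 5 and the `example.test` hostnames are assumptions made for illustration.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the article does not state Facebook's number


class ResetCodes:
    """Reset-code check shared by every front end that serves the same accounts."""

    def __init__(self, limited_hosts=None):
        # limited_hosts=None: the limit applies on every host (corrected form).
        # A set of hosts: only those enforce it (the gap the article describes).
        self.limited_hosts = limited_hosts
        self.pending = {}  # account -> [code, failed_attempts]

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"  # one of 1,000,000 values
        self.pending[account] = [code, 0]
        return code  # sent to the email or phone number on file

    def verify(self, host, account, guess):
        entry = self.pending.get(account)
        if entry is None:
            return "no_code"
        enforced = self.limited_hosts is None or host in self.limited_hosts
        if enforced and entry[1] >= MAX_ATTEMPTS:
            return "locked"  # refuse before looking at the guess
        if hmac.compare_digest(entry[0], guess):
            del self.pending[account]  # single use
            return "ok"
        entry[1] += 1  # count failures per account, whichever host saw them
        return "wrong"


def guesses_evaluated(store, host, account, wrong_guess, tries):
    """Count how many of `tries` wrong guesses the server actually compared."""
    return sum(store.verify(host, account, wrong_guess) == "wrong"
               for _ in range(tries))


def demo():
    results = {}
    # Constructed hostnames: "www" enforces the limit, "beta" is the preview site.
    for name, hosts in (("gap", {"www.example.test"}), ("fixed", None)):
        store = ResetCodes(limited_hosts=hosts)
        code = store.issue("alice")
        wrong = f"{(int(code) + 1) % 10**6:06d}"  # constructed wrong guess
        results[name] = guesses_evaluated(store, "beta.example.test", "alice", wrong, 50)
    return results
```

With the limit tied to the account, the preview host stops comparing guesses after the fifth failure, and even the correct code is refused once the account is locked.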
However, because of the job he is in and the good ole chap he is, he decided not to leak the information or hold it to ransom but simply to alert Facebook to it.
The result? They awarded him with a cash sum of $15,000 and a pat on the back. He probably could have gotten more but hey ho!