Facebook Fixes Flaw That Could've Let Anyone Access Your Account

By Manish Singh | Updated: 17 March 2016 19:09 IST

Facebook has awarded a sum of $15,000 (roughly Rs. 10 lakhs) to an India-born security researcher. Anand Prakash received the bug bounty from Facebook after disclosing a vulnerability in the social juggernaut's website that enabled an attacker to gain access to anyone's account.

Prakash discovered a vulnerability on Facebook's website that allowed him to change the password of any user account. He reported the vulnerability to Facebook last month and the company has since patched it. Prakash has now shed light on the vulnerability and has also demonstrated it in a video.

The security hole resided in the company's developer portal, beta.facebook.com, which is designed for developers to perform tests before rollout to the general public. Facebook sends users a 6-digit code over email or text message upon a password reset request. To prevent abuse, Facebook allows only a certain number of attempts at entering that code. It turns out that on the beta website a user could make any number of guesses.

In a blog post, Prakash wrote that he used Burp Suite, a popular testing tool, to submit the guesses. Prakash noted that because the code is only a six-digit number, brute-forcing it is feasible, so it was possible to break into someone's account by guessing the reset code.
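The defect described above is an attempt limit that existed on one front end but not on another. The fix is to count attempts in the same place the reset code is stored, so the limit holds whichever host relays the guess. The following is an added example written for this article, not Facebook's code and not Prakash's proof of concept: it models a reset-code store with a per-account attempt cap, single-use codes, expiry and a constant-time comparison, and then simulates an exhaustive guess of the six-digit space against both a capped store and an uncapped one. The host names, the attempt cap of 5 and the 15-minute lifetime are assumptions chosen for the example.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 15 * 60       # assumed lifetime of a reset code
DEFAULT_MAX_ATTEMPTS = 5         # assumed cap; the article gives no number


class ResetCodeStore:
    """Issues and checks password-reset codes.

    The attempt counter lives in the per-account code record, so the cap applies
    no matter which front-end host (www, beta, mbasic.beta, ...) submitted the
    guess. max_attempts=None models an endpoint with no limit at all.
    """

    def __init__(self, max_attempts=DEFAULT_MAX_ATTEMPTS, clock=time.monotonic):
        self.max_attempts = max_attempts
        self._clock = clock
        self._codes = {}   # account_id -> {"code", "attempts", "expires_at"}
        self.audit = []    # (account_id, via_host, result), for detection/alerting

    def issue(self, account_id, randbelow=secrets.randbelow):
        # randbelow is injectable only so the demonstration can pin the code;
        # real deployments keep the default secrets.randbelow.
        code = f"{randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._codes[account_id] = {
            "code": code,
            "attempts": 0,
            "expires_at": self._clock() + CODE_TTL_SECONDS,
        }
        return code

    def verify(self, account_id, guess, via_host="www.example.test"):
        result = self._check(account_id, str(guess).zfill(CODE_DIGITS))
        self.audit.append((account_id, via_host, result))
        return result

    def _check(self, account_id, guess):
        rec = self._codes.get(account_id)
        if rec is None:
            return "no_code"
        if self._clock() > rec["expires_at"]:
            del self._codes[account_id]
            return "expired"
        rec["attempts"] += 1
        if hmac.compare_digest(rec["code"], guess):
            del self._codes[account_id]          # single use
            return "ok"
        if self.max_attempts is not None and rec["attempts"] >= self.max_attempts:
            del self._codes[account_id]          # burn it; a fresh reset must be requested
            return "locked"
        return "wrong"


def exhaustive_guess_outcome(store, account_id, hosts):
    """Walk the whole six-digit space, rotating the guesses across front-end hosts.

    Returns (guesses_sent, final_result). Stops as soon as the store accepts the
    code or stops accepting guesses for the account.
    """
    sent = 0
    for i in range(10 ** CODE_DIGITS):
        host = hosts[i % len(hosts)]
        result = store.verify(account_id, f"{i:0{CODE_DIGITS}d}", via_host=host)
        sent += 1
        if result in ("ok", "locked", "expired", "no_code"):
            return sent, result
    return sent, "exhausted"


if __name__ == "__main__":
    hosts = ["www.example.test", "beta.example.test", "mbasic.beta.example.test"]

    capped = ResetCodeStore()
    capped.issue("alice", randbelow=lambda n: 4242)      # pinned code: 004242
    print("capped store:", exhaustive_guess_outcome(capped, "alice", hosts))

    uncapped = ResetCodeStore(max_attempts=None)
    uncapped.issue("alice", randbelow=lambda n: 4242)
    print("uncapped store:", exhaustive_guess_outcome(uncapped, "alice", hosts))
```

With the cap in place the guessing stops after five attempts and the code is discarded, regardless of which host the guesses arrive through; with `max_attempts=None` the loop simply runs until it hits the right value. The `audit` list is where a defender would look for the signature of this abuse: many failed verifications for one account in a short window, possibly spread across several hosts.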


"[...] I looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com and interestingly rate limiting was missing on forgot password endpoints," he wrote in a blog post. "I tried to take over my account (as per Facebook's policy you should not do any harm on any other user's account) and was successful in setting a new password for my account. I could then use the same password to log in to the account."
