Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the crayon-syntax-highlighter domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/ktech37/public_html/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the otw_dcsw domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/ktech37/public_html/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the easy-accordion-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/ktech37/public_html/wp-includes/functions.php on line 6114
Hacker reveals How He Could have Hacked Multiple Facebook Accounts » KryptosTechnology

Hacker reveals How He Could have Hacked Multiple Facebook Accounts

hacking Facebook_accounts

How to Hack a Facebook Account?

T

hat’s possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills.

Your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke!


Gurkirat Singh from California recently discovered a loophole in Facebook’s password reset mechanism that could have given hackers complete access to the victim’s Facebook account, allowing them to view message conversations and payment card details, post anything and do whatever the real account holder can.

The attack vector is simple, though the execution is quite difficult.The issue, Gurkirat (@GurkiratSpeca) says, actually resides in the way Facebook allows you to reset your password. The social network uses an algorithm that generates a random 6-digit passcode ‒ that’s 10⁶ = 1,000,000 possible combinations ‒ which does not change until gets ‘used’ (if you request it from mbasic.facebook.com).


That could possibly mean that if 1 million people request a password within a short amount of time such that no one uses their code to reset the password, then 1,000,0001 person to request a code will get a passcode that someone from the batch has already been assigned,” Gurkirat explains in a blog post.

How to Hack Multiple Facebook Accounts?

Gurkirat first collected valid Facebook IDs by making queries to Facebook Graph API starting with 100,000,000,000,000, since Facebook IDs are generally 15-digit long and then visited www.facebook.com/[ID] with a valid ID number in place of [ID].

Once entered, the URL automatically redirected and changed the Facebook ID to the user’s username. In this way, first, he was able to make a list of 2 Million valid Facebook usernames.


“I first reported this bug on May 3, 2016, but Facebook didn’t believe me such large-scale execution could have been possible. They wanted proof,” Gurkirat told The Hacker News. “So I spent close to a month learning and building the infrastructure to target a batch of 2 million Facebook users. I then re-submitted this bug, and they agreed that it indeed was an issue.”

Then using a script, hundreds of proxies and random user-agents, Gurkirat automatically initiated the password reset requests for those 2 million users, each assigned a 6-digit password reset code, thus consuming the complete 6-digit range.

Gurkirat then randomly picked a 6-digit number, i.e. 338625, and started the password reset process using a brute forcing script against all those usernames in his list, hoping that this number had been assigned by Facebook to someone in his list of 2 million usernames.


how to hack facebook accounts



“I would have never imagined that a company as big as Facebook would be susceptible to sheer computing power. The efficacy of the bug I found relied on just that,” Gurkirat told the Hacker News.

“I was informed by Facebook that the patch has been applied and that they have started throttling aggressively per IP address. Given a much larger pool of IP addresses that can simulate a global network flow combined with little social engineering, I still doubt if their patch is strong enough to mitigate this vulnerability.”

 

Here’s How you can Protect Your Facebook account:

With Login Approvals turned ON, Facebook will send you a 6-digit security code via a text message to your registered cell phone if someone tries to log into your Facebook account from a new computer or device or a different web browser.


So, even if your Facebook username and password are entered by an attacker, that 6-digit security code, which has been delivered to your phone, will still be required to log into your account, preventing hackers from accessing your account.

Enable Login Notification Alerts: Facebook also provides a security feature, “Login Alerts,” that send you an email or SMS whenever it suspects an unauthorized user is accessing your account.

If your Facebook account is accessed from a remote device, Facebook sends you an email or SMS alert. If that is an unauthorized access, you can quickly follow the steps listed in the email to disable access for that device.