Serious vulnerability helps hackers attack Facebook accounts without the victim's actions
The problem was discovered and patched on February 2, but was only announced now due to security regulations.
The vulnerability is related to the Facebook password reset process through the optional feature of sending authentication codes. This 6-digit code is sent to another device logged in or pre-registered by the user to authenticate the original user and is used to complete the password reset process on a new device.
According to Samip Aryal's findings, Facebook sends a fixed authentication code (does not change the number sequence), is valid within 2 hours and has no security measures.
This means that crooks can enter the wrong activation code countless times within 2 hours of sending the code without encountering any preventive measures from Facebook's system. Normally, the security system will suspend login rights if the wrong code or password is entered more than the specified number of times.
Hackers can use 2 hours to steal user accounts.
This is a 0-click attack, hackers can steal the victim's account without any action from them.
When this vulnerability is exploited, Facebook will send a password recovery notification to the victim. Therefore, if you receive this message, it is likely that your account is being attacked or hijacked.
You should read it
- Instructions to retrieve Facebook password
- Instructions to change Facebook password on computer
- What to do when forgetting your Facebook password?
- Change your Facebook password on your phone, how to change mk fb
- Facebook lock acc, change password ... just follow it, don't worry
- How to Get Someone Else's Facebook Password
- What to do when losing your Facebook password?
- Facebook voices a batch of password changes
- How to retrieve a Facebook password when it is forgotten
- 4 ways to hack Facebook you should know to protect your Facebook account
- Error cannot open Facebook application on Windows 10
- How to fix the Facebook tab error is suspended in the browser
Maybe you are interested
GitHub Copilot is now available for free in VS Code
Latest Sword Master Story Code and How to Enter Code
Latest Roblox Clicker Simulator Codes 12/2024
Ninja Team Code: Ninja Village 3D latest and how to redeem code
Full Giftcode Blue Lock Rivals Roblox latest and how to redeem code
Latest Anime Squad Simulator Codes and How to Enter Codes