Bengaluru Hacker Gets $15,000 Reward for Reporting Bug
BENGALURU: A Facebook account serves as a person's web identity and holds credit/debit card information, pictures, and personal messages. Several users have been victims of identity theft in the past. Hence, founder Mark Zuckerberg has been updating the website's security regularly to keep privacy in check. Meanwhile, Anand Prakash, a hacker from Namma Bengaluru, found a vulnerability in Facebook’s login system, reports Tech2.
Prakash disclosed the vulnerability on his blog, writing, “Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address and Facebook will then send a 6 digit code on his phone number/email address, which can be used in order to set a new password.” After 10-12 invalid attempts with a random 6-digit code, Facebook blocked further attempts, he adds.
The Bangalorean hacker tried similar steps against his own account on beta.facebook.com and mbasic.beta.facebook.com and learnt that the ‘forgot password’ endpoint there had no rate limits. He was then able to break into his own Facebook account. The resulting password can later be used to log in to the account normally, without repeating the process.
When Facebook learnt about the vulnerability, it acknowledged the issue and fixed the loophole at the same time. Facebook then rewarded Prakash with $15,000, considering the impact of this unprotected access.
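The missing rate limit described above comes down to where the attempt counter lives. The sketch below is an added example, not Facebook's code or anything from Prakash's post: a hypothetical `ResetCodeVerifier` that counts wrong codes per account in the shared backend, so every front-end hostname draws on the same budget. The threshold, the window and all names are assumptions.

```python
import hmac
import secrets
import time

MAX_FAILURES = 10        # assumed; the article reports a block after 10-12 bad codes
WINDOW_SECONDS = 3600    # assumed lockout window
CODE_DIGITS = 6          # 6-digit code, as in the reset flow described above


class ResetCodeVerifier:
    """Hypothetical reset-code backend shared by all front-end hosts."""

    def __init__(self):
        self._codes = {}      # account_id -> pending code
        self._failures = {}   # account_id -> timestamps of recent wrong codes

    def _recent_failures(self, account_id, now):
        # Keep only failures inside the sliding window.
        recent = [t for t in self._failures.get(account_id, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[account_id] = recent
        return recent

    def issue(self, account_id):
        # A new code replaces the old one but does NOT reset the failure budget,
        # so requesting fresh codes cannot be used to buy more guesses.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._codes[account_id] = code
        return code  # a real system would deliver this by SMS or e-mail

    def verify(self, account_id, submitted, host, now=None):
        # `host` is deliberately unused: the limiter key is the account alone,
        # so no hostname can serve as an unmetered path to the same check.
        now = time.time() if now is None else now
        failures = self._recent_failures(account_id, now)
        if len(failures) >= MAX_FAILURES:
            self._codes.pop(account_id, None)    # burn the code once locked
            return "locked"
        expected = self._codes.get(account_id)
        if expected is None:
            return "no_pending_code"
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            del self._codes[account_id]          # codes are single use
            self._failures.pop(account_id, None)
            return "ok"
        failures.append(now)                     # same list object as stored
        return "wrong_code"
```

In a deployment the two dictionaries would live in a store that every front end shares; keeping a counter per host is what leaves a secondary hostname unprotected.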