Hacker Gets $15,000 Bounty For Solving Major Bug with Facebook 

The hacker managed to crack a major bug in Facebook that could have severely impacted any user. 

Tech News
2 min read
It’s easier you crack your Facebook login credentials than you thought. (Photo: iStockphoto)

Hackers can make big money by finding backdoors for Facebook, Google, and even Twitter – it helps the companies detect and close security loopholes. The amount is a reflection of the companies’ effort and the risk which has been thwarted.

The Bangalore-based hacker was rewarded with $15,000 by Facebook for cracking a login-related bug which could have had catastrophic implications for users of the social networking site.

What Was the Issue?

Apparently, the hacker, Anand Prakash, was able to infiltrate into various Facebook accounts by resetting the password which gave him the following details. Facebook has admitted to the breach, and in return awarded him the bounty.

This post is about a simple vulnerability found on Facebook which could have been used to hack into other users’ Facebook accounts easily without any user interaction. This gave me full access to other user accounts by setting a new password.
Anand Prakash, Facebook bounty winner

Facebook Login Under Threat

Whenever a user forgets his password on Facebook, he has an option to reset the password by entering his phone number/email address and Facebook will then send a 6 digit code on his phone number/email address, which can be used in order to set a new password.
Anand Prakash, Facebook bounty winner

But that’s not all, Anand then looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com, and interestingly found the rate limiting was missing on forgot password endpoints.

To check the outcome, Anand decided to hack his own account and set a new password for it. After successfully doing so, he used the same password to login in the account which set the alarm bells ringing.

Once he alerted Facebook about the discovery, the social networking giants duly replied to Anand and thanked him for his findings.

Here’s what Facebook said to Anand after accepting the loopholes. (Photo Courtesy: Anand Prakash/<a href="http://www.anandpraka.sh/">blog</a>)
Here’s what Facebook said to Anand after accepting the loopholes. (Photo Courtesy: Anand Prakash/blog)

Liked this story? We'll send you more. Subscribe to The Quint's newsletter and get selected stories delivered to your inbox every day. Click to get started.

The Quint is available on Telegram & WhatsApp too, click to join.

Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!