A vulnerability has been found in Facebook that lets hackers hack a Facebook account in a minute. It allows the hacker to take control of the victim's account and leaves enough time to do so.
The victim must be logged into their Facebook account, and the hacker needs the website link to hack the account. Once the hacker acquires the link, the account can be hacked in a minute. Facebook's security professionals confirmed the vulnerability. The flaw is in the “claim it” option that is available when a user tries to add an email address. The loophole is that Facebook doesn’t check which member made the request, and this is what allows the account to be hacked. To test this, the hacker needs two Facebook accounts: one is the existing account with the email address that the hacker needs to claim, and the second is the existing account used to apply the claim process.
Dan Melamed has provided the details on his blog. The steps to hack the Facebook account are as follows:
- A claim request for an @hotmail address leads to the following link:
https://www.facebook.com/support/openid/proxy_hotmail.php?appdata[fbid]=AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs
In this link, the parameter appdata[fbid] represents the encrypted email ID. Dan uses the account name “funnyluv196@hotmail.com” for the demonstration.
- Once done, the link leads to the Hotmail account login, and the resulting link contains the encrypted email account, as in:
https://www.facebook.com/support/openid/accept_hotmail.php?appdata=%7B%22fbid%22%3A%22AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs%22%7D&code=a6893043-cf19-942b-c686-1aadb8b21026
- Once logged in, the page source shows that the claim process succeeded:
<script type="text/javascript">window.opener.location.href = "\/claim_email\/add_email\/check_code?email=funnyluv196\u002540hotmail.com&openid=1"; window.close();</script>
The two points that make this simple process exploitable are:
- The page can be visited from any Facebook account
- The link stays enabled for about 3 hours, which gives the hacker enough time to take advantage of the victim account
Once done, the hacker can reset the password for the victim account. It is easy and simple.
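The missing check described above, seen from the fixing side, as an added example (not Facebook's code and not taken from Dan Melamed's write-up): a claim token that is bound to the account that requested it, expires quickly and can be used once. The function names, the 10-minute lifetime, the key handling and the sample account names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret key
CLAIM_TTL = 600                       # assumption: 10 minutes instead of ~3 hours
_used_nonces = set()                  # assumption: in-memory single-use store


def _sign(payload):
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_claim_token(requester_id, email, now=None):
    """Create a claim token tied to the account that started the claim."""
    body = json.dumps({
        "uid": requester_id,
        "email": email,
        "exp": (time.time() if now is None else now) + CLAIM_TTL,
        "nonce": secrets.token_hex(16),
    }, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)


def accept_claim(token, session_user_id, now=None):
    """Return the email to add, or raise ValueError if the claim is refused."""
    try:
        body_b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
    except ValueError:
        raise ValueError("malformed token")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        raise ValueError("bad signature")
    claim = json.loads(body)
    if (time.time() if now is None else now) > claim["exp"]:
        raise ValueError("expired")
    # The check the article says was missing: the logged-in account opening
    # the link must be the account that requested the claim.
    if claim["uid"] != session_user_id:
        raise ValueError("requester mismatch")
    if claim["nonce"] in _used_nonces:
        raise ValueError("already used")
    _used_nonces.add(claim["nonce"])
    return claim["email"]
```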
Dan Melamed has also published a video as proof of the Facebook account hack in a minute.
Recently, more and more security flaws have been found on this most special of social networks, and this has to be stopped.