On 8th March 2016, Anand Prakash, a security engineer at the Indian e-commerce company Flipkart, said he knew how to access any person's account without a password. He was rewarded with $15,000 for discovering a bug that could have been exploited to hack Facebook users' accounts. The essential point is that he is a white hat; otherwise he could have made millions as a malicious hacker. The bug left Facebook's 1.6 billion users at risk, even though it only existed in the wild for around two days before it was discovered. After that, it was quickly rectified.
He claimed full access to another Facebook account without any interaction. He gained access by resetting the password to a new one. After that, he was able to view the profile's messages, credit/debit details saved in the payments section of the profile, personal information and much more.
Normally, when Facebook users forget their password, they are asked to enter their email address, username or phone number. A six-digit code is then sent to their email address and phone. Using this code, you can log in to the Facebook account. Because the code constantly changes, it stops hackers from guessing their way into a user's account. In fact, the account is locked after a number of guesses.
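The lockout behaviour described above, sketched as an added example (not Facebook's code, and not from the original article): a six-digit reset code whose failed-guess counter is stored with the account, so every host that verifies codes enforces the same limit. The names `ResetCodeStore`, `MAX_ATTEMPTS` and `CODE_TTL_SECONDS`, and their values, are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed lockout threshold (the article gives no number)
CODE_TTL_SECONDS = 600  # assumed code lifetime


class ResetCodeStore:
    """Hypothetical server-side store; state is keyed by account, not by host."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        # secrets uses the OS CSPRNG; zero-pad so all 10**6 codes are possible.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # delivered out of band (email / SMS) in a real system

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() > expires_at:
            del self._pending[account]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"  # even the correct code is refused from here on
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[2] = failed + 1
        return "locked" if entry[2] >= MAX_ATTEMPTS else "wrong"


def guesses_before_lockout(store, account):
    """Return (wrong guesses until lockout, result of the real code afterwards)."""
    real = store.issue(account)
    wrong = f"{(int(real) + 1) % 10**6:06d}"  # constructed wrong guess
    n = 1
    while store.verify(account, wrong) == "wrong":
        n += 1
    return n, store.verify(account, real)
```

With five guesses allowed against one million possible codes, a guesser succeeds with probability 5/1,000,000 per issued code, which is why the limit has to apply at every entry point that accepts the code.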
Unfortunately, the flaw was found on Facebook's beta website, which is preferred by software developers. Prakash used a tool called Burp Suite. Burp Suite is an integrated platform for attacking web applications. It consists of several tools with interfaces between them, designed to facilitate and speed up the attacking process. The tools share a robust framework for handling HTTP requests, authentication, upstream proxies, logging, alerting and extensibility. It makes it possible to combine manual and automated methods to analyse, attack and exploit web applications.
Burp Suite consists of the tools mentioned below –
Proxy – A very interactive HTTP/S proxy server for attacking and testing web applications. It works as an interface between the end browser and the target web server. Using it, the user can inspect and change the raw traffic passing in both directions.
Spider – This tool is used for mapping web applications. It uses various intelligent techniques to create a comprehensive inventory of an application's data and functionality.
Repeater – Burp Repeater is used to manually send individual HTTP requests and analyse their results.
Sequencer – This tool is used to determine the degree of randomness in an application's session tokens.
Decoder – It transforms encoded data into its canonical form, and also transforms raw data into numerous encoded and hashed forms. It recognizes encoding formats using heuristic methods.
To help you better understand how the account hack works, Prakash demonstrated the brute-force attack in a video. This popular web app security testing tool helps in guessing the 6-digit code.
Prakash said the flaw was “very easy to exploit” and that his hack was available to everyone. The flaw also meant that a skilled hacker needed just a Facebook member's username. A username can be obtained publicly by just searching for the Facebook profile.
Cyber security professor Alan Woodward said it was very simple to hack someone's Facebook account.
Some of the possible ways to hack a Facebook account:
Facebook is like a part of life. People share every cherished moment. But the most important thing to worry about is the security of personal information. With advances in technology, hackers use advanced tools to steal sensitive information such as credit card details, contacts and much more. Despite strong security measures, hackers have for years made efforts to access users' Facebook accounts. Below are some of the common ways accounts are hacked.
Reset Password – The easiest way to get access to someone's account is by resetting the password. First of all, try to find the email address in the contact info section. Then go to the login page and type the email. There is a forgot-password option, and an email is sent to the account; if you know the login of the email account, you can access it. If you don't, it gives 24 hours to recognize your friends on Facebook to access it.
Use Keylogger – A software keylogger captures every single keystroke on the keyboard without the user's knowledge. It automatically records activity until the computer is shut down. From then on, hackers have the password of the Facebook account without the user's knowledge.
Phishing – This one is more difficult to implement than the other options. It is done by creating a fake login page. The page is sent through emails. If the user logs in, the details reach the hackers. For this, you have to make a fake web hosting account and login page.
Stealing Cookies – Cookies allow a website to store information on the user's hard drive and retrieve it later from there. When the hacker is on the same Wi-Fi network, this will not provide the password, but it gives access to the user's account through the cookies by presenting the hacker's browser as the legitimate one.
Apart from all these methods, protection is also available to keep your account secure. For more detailed information about this – http://null-byte.wonderhowto.com/how-to/4-ways-crack-facebook-password-and-protect-yourself-from-them-0139532/