Facebook glitch allows hackers to reset your password

Until recently, Facebook had a glitch that would have allowed hackers to reset a target user's password just by having the victim visit a website link.

Security researcher Dan Melamed said the vulnerability lies in Facebook's "claim email address" component but has since been patched up.

"The hacker can ... reset the victim's password using the newly added email address, thus allowing the attacker to take complete control over the Facebook account. This vulnerability has been confirmed to be patched by the Facebook Security Team," Melamed said in a blog post.

He said that when a user tries to add an email address that already exists in the Facebook system, they have the option to "claim it."

In claiming an email address, Facebook did not check who the request came from.

Attackers can exploit the flaw using two Facebook accounts, one of which has the email address the attacker wants to claim, and another to initiate the claim process.

Melamed said a hacker can insert a link on a webpage as either an image or an iframe.

Once the link is clicked, the email address is added to the attacker's Facebook account, with the victim unaware of what happened.
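The missing check described above ("did not check who the request came from") can be sketched as follows. This is an added example, not Facebook's code or Melamed's; the function names, link fields and account names are hypothetical, and the server key is constructed for the demo.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key, not a real secret


def _sign(initiator: str, email: str, nonce: str) -> str:
    # Bind the link to the account that started the claim, the address, and a nonce.
    msg = "\x00".join((initiator, email, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_claim_link(initiator: str, email: str) -> dict:
    """Parameters carried in the confirmation link (hypothetical field names)."""
    nonce = secrets.token_hex(16)
    return {"uid": initiator, "email": email, "nonce": nonce,
            "sig": _sign(initiator, email, nonce)}


def validate_claim(session_user: str, link: dict, used_nonces: set) -> str:
    """Decide whether a claim confirmation may proceed.

    Returns "ok", "bad_signature", "wrong_requester" or "replayed".
    """
    expected = _sign(link["uid"], link["email"], link["nonce"])
    if not hmac.compare_digest(expected, link["sig"]):
        return "bad_signature"      # link fields were altered or forged
    if session_user != link["uid"]:
        return "wrong_requester"    # the check the article says was absent
    if link["nonce"] in used_nonces:
        return "replayed"           # each link is accepted only once
    used_nonces.add(link["nonce"])
    return "ok"


def demo() -> list:
    used = set()
    link = issue_claim_link("account_a", "user@example.test")  # constructed values
    tampered = dict(link, uid="account_b")  # uid rewritten without re-signing
    return [
        validate_claim("account_b", link, used),      # loaded in another session
        validate_claim("account_b", tampered, used),  # altered to match that session
        validate_claim("account_a", link, used),      # legitimate initiator
        validate_claim("account_a", link, used),      # same link a second time
    ]


if __name__ == "__main__":
    print(demo())
```

Because a confirmation link can be embedded in a page as an image or iframe, the decision has to rest on the authenticated session matching the signed initiator, not on possession of the link alone.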

Another security researcher, Graham Cluley, added that a successful attack could let a hacker read private messages and post updates and private messages in the victim’s name.

But Cluley said the good thing was that Melamed acted responsibly, and disclosed details of the security hole to Facebook.

This allowed Facebook’s security team to respond and fix the flaw.

"Melamed was awarded $1500 by Facebook’s bug bounty initiative for responsibly disclosing the vulnerability to the social network," Cluley noted. — TJD, GMA News
