HOW TO HACK FACEBOOK ACCOUNT FOR FREE FREE
History for obtaining endless quantities of personal informationįor free from willing participants who blindly enter in all theirĭetails, then they sell it on to advertisers who can then targetĪdvertising at these people.FB-Tracker™: the most effective solution for Facebook account hacking Facebook will go down as one of the biggest scams in Hourly updates on what people are eating, when their house isĮmpty, and how special they think they are because they had aĬhild, like people haven't done that for thousands of I got rid of mine and i miss nothing (except Understands the risks, and works accordingly or they don't Self glorification? Anyone who is serious about security either You're handing all the blackhats out there a gift Would want to openly profile themselves on the internet is beyond Or better still, get rid of your FB account, seriously, why anyone You're worried about Facebook security, thenĭon't post things you wouldn't want getting out. Wasn't patched, how stupid are you people? If He's going to hack an account for you even if it He said the vulnerability has been patched. If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded: Who knows what other serious security vulnerabilities may lay inside Facebook that haven’t been responsibly reported to the company’s security team? For his troubles, Facebook awarded fin1te a hefty $20,000 worth of bug bounty and fixed the vulnerability.īut there’s no doubt that on the underground market, perhaps sold to cybercriminals or intelligence agencies, fin1te’s discovery could have earned him even more money. Facebook has fixed the problem so others can no longer take advantage of this serious security hole. The good news is that fin1te disclosed the vulnerability responsibly to Facebook, rather than exploited it for malicious intentions or sold it to other parties. This is an incredibly simple but powerful way to take over anybody’s Facebook account.
HOW TO HACK FACEBOOK ACCOUNT FOR FREE CODE
Sure enough, fin1te discovered that Facebook duly sent him the password reset code for the account – meaning he could change the account’s password, and lock out its legitimate user. Facebook allows you to log into its system using your mobile number rather than an email address if you want, so at login you enter the mobile phone number you have associated with your victim’s account, and request a password reset via SMS. The final stage of the account hijacking is straightforward. All that was done was to send an SMS text message.
Without any need for malware or phishing. A Facebook account now has a third-party’s mobile phone number associated with it. and within seconds his his mobile phone was sent an SMS confirming that he had successfully connected the device to the account. Sure enough, fin1te was able to replace the profile ID parameter sent by his browser to Facebook with the unique number of the account he wanted to access… If you don’t know what someone’s numeric profile ID is, you can always look it up using freely-available tools – they aren’t supposed to be a secret. Therefore, the first step needed to hijack someone’s account in this way requires your victim’s unique Facebook profile ID. That’s the unique number associated with your intended target’s account.Ĭhange the profile ID that is sent by that form to Facebook, and the social network might be duped into thinking you are someone else linking a mobile phone to their account. What fin1te had uncovered was that one of the elements of the mobile activation form contained, as a parameter, the user’s profile ID. The normal sequence of events would be to enter that confirmation code into a Facebook form, and go on your merry way…īut fin1te discovered that a vulnerability existed on that form, that could be exploited to use the confirmation code he had been sent by Facebook via SMS with *anyone* else’s account. In the UK, the SMS shortcode for Facebook is 32665.įacebook responds, via SMS, with an eight character confirmation code. The first thing to do is send the letter “F” in an SMS message to Facebook, as though you were legitimately registering your mobile phone with the social network. This should – obviously – have been impossible, but due to a weakness in Facebook’s tangled nest of millions and millions of lines in code, potentially hundreds of millions of accounts were vulnerable to hijacking through the simple technique.įin1te (real name Jack Whitten) has documented how the hack works on his blog. A UK-based security researcher going by the name of “fin1te” has earned himself $20,000 after uncovering a way to hack into any account on Facebook, just by sending a mobile phone text message.