Facebook Awards Indian Hacker $15,000 For Discovering How to Hack into any Profile
A brilliant hacker from India found a dangerous weakness in Facebook’s “Forgot Password?” algorithm that can be exploited to gain access to any profile. Instead of using it to do harm, he notified Facebook about the loophole and was rewarded with a cool $15,000.
Security engineer Anand Prakash detailed his accomplishment in a blog post, explaining his discovery and his methods for exploring the social network’s vulnerability. He also uploaded a video proving his exploit along with a screenshot of his prize from Facebook.
White hat hackers, such as Prakash, are people who are paid to hack into computer networks to test or evaluate their security systems. Prakash has previously worked with Facebook on identifying bugs in its website.
“One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production,” Facebook told Gizmodo in a statement. “We’re happy to recognize and reward Anand for his excellent report.”
In Facebook’s standard password recovery steps, if a user forgets a password, Facebook will text or email a six-digit confirmation code to enter into the website so that the password can be reset and the profile can be accessed. The website lets its users attempt to enter the code correctly several times before they are locked out.
Facebook’s beta sites, such as beta.facebook.com, however, don’t have that lock-out function in place. Prakash exploited this loophole to force his way into someone’s account since the beta site gave him an unlimited number of attempts to enter that six-digit confirmation code.
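The control the beta hosts lacked can be sketched as follows. This is an added example, not code from Prakash's report or from Facebook: the class name, the limits and the `example.test` host names are assumptions. The failure budget is keyed by account alone, so guesses sent to any front end draw from the same counter, and requesting a fresh code does not reset it.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5   # assumed policy, not Facebook's real value
CODE_TTL = 600     # seconds a code stays valid (assumed)
LOCKOUT = 3600     # seconds an account stays locked (assumed)


class ResetCodes:
    """Six-digit reset codes with one failure budget per account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}      # account -> (code, expires_at)
        self._failures = {}   # account -> wrong guesses since last success
        self._locked = {}     # account -> locked_until

    def _is_locked(self, account):
        return self._locked.get(account, 0) > self._clock()

    def issue(self, account):
        if self._is_locked(account):
            return None       # no new code while the account is locked
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[account] = (code, self._clock() + CODE_TTL)
        return code           # failure count is deliberately left untouched

    def verify(self, account, submitted, host):
        # `host` is accepted for logging only; it never selects a policy.
        if self._is_locked(account):
            return "locked"
        code, expires_at = self._codes.get(account, (None, 0))
        if code is None or self._clock() > expires_at:
            return "no_valid_code"
        # Constant-time comparison of the stored and submitted codes.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._codes[account]
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            del self._codes[account]          # burn the code on lock-out
            self._failures.pop(account, None)
            self._locked[account] = self._clock() + LOCKOUT
            return "locked"
        return "wrong"
```
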
After the successful account break-in, Prakash said he was “able to view messages, his credit/debit cards stored under payment section, personal photos, etc.”
Facebook, like any other website, has system vulnerabilities and has paid bug bounties to hackers to sniff out the bugs for them.