Facebook Accounts Can Be Hijacked Via Text Message

A recently discovered—and corrected—exploit in Facebook let users hijack any account via SMS text message.

A security researcher claims to have discovered a security hole, or exploit, in Facebook that lets anyone hijack an account via SMS text message. Fin1te, a researcher based in the United Kingdom, posted the details on a Tumblr blog. A Facebook flaw in a PHP file used to handle mobile phone logins is responsible for the security hole.

The exploit, which has been corrected, allows potential hackers to engage in multiple steps to trick Facebook into giving them a password reset code for any user account. All the potential hacker needs is a target's User ID number, which can be obtained in seconds by browsing Facebook.com.

Fin1te also received financial compensation—roughly $20,000—for finding this bug. Fast Company has previously reported on the booming exploit marketplace, where tech companies, organized crime groups, intelligence agencies, and foreign military entities offer monetary compensation for people who can find security holes in software and digital services.

Add New Comment

1 Comments

  • 4prongpitchfork

    ah yes,  Schmuckenbergs black hole of narcissistic orgy gets fixed again.  Carry on. Meanwhile, back here on planet earth the human beings are preparing for battle with those who would subjugate them forever while Fuckfacebook exponentially fills NSA data centers with zetabites of mindnumbingly detailed minutia of the daily exploits of a hundred million inhabitants of the parallel universe of Don't Get It.  We thank you for your cooperation.