How will you protect yourself?
A cyber security expert has found a way to hack any Facebook account by finding weaknesses in the social network’s password reset mechanism.
As Forbes reports on its website, Samip Aryal from Nepal discovered that by uninstalling and reinstalling the app from different users, he could manipulate the password reset flow on the profile and change the authentication/login password, gaining account access.
He summarized the security “hole” he identified as the following problems:
1 – The code remained valid for 2 hours (enough time to locate the 6-digit code)
2 – The same code was sent each time within those 2 hours
3 – Aryal (the attacker) could attempt as many incorrect logins as he needed, again leaving him many options
Using the correct code, Aryal could reset the account’s password, set a new one, and take control of the account.
For its part, Facebook asked Aryal for some clarification before addressing the issue a few days later.
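The three weaknesses listed above map onto three server-side controls: a short code lifetime, a fresh code on every request, and a cap on wrong guesses. The sketch below is an added example, not Facebook's code or anything from Aryal's report; the class name, the 10-minute lifetime and the 5-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 10 * 60   # assumed value; the flow described above allowed 2 hours
MAX_ATTEMPTS = 5             # assumed value; the flow described above had no limit


class ResetCodeStore:
    """In-memory store of one pending reset code per account (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested without sleeping
        self._pending = {}       # account -> [code, expires_at, attempts_left]

    def issue(self, account):
        """Create a fresh 6-digit code; any earlier code for the account is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code              # delivered to the account owner out of band

    def verify(self, account, guess):
        """Return True at most once per issued code; wrong guesses use up the budget."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[account]       # expired: the code is dead
            return False
        entry[2] = attempts_left - 1         # count the attempt before comparing
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]       # single use
            return True
        if entry[2] == 0:
            del self._pending[account]       # budget spent: a new request is required
        return False


if __name__ == "__main__":
    store = ResetCodeStore()
    code = store.issue("alice@example.test")             # constructed sample account
    print(store.verify("alice@example.test", "000000"))  # almost certainly False
    print(store.verify("alice@example.test", code))      # True unless guess above hit
```

With 5 guesses against a 6-digit code, each issued code gives an attacker at most a 5 in 1,000,000 chance, so the rate at which new codes can be requested needs its own limit as well.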
How to avoid eavesdropping
Enabling multi-factor authentication and paying attention to password reset spam, or to messages related to our account in general, are some helpful practices to protect our personal data on the platform.
If in doubt, start the password reset flow yourself, set a brand new complex password, and avoid SMS for multi-factor authentication; use a trusted authenticator app instead.