So you think your Facebook account is hacker-proof? And that the more complicated you make your password, the less chance anyone has of guessing it? Well, we’re afraid to tell you that this may not be entirely true.
A 22-year-old Indian researcher named Anand Prakash came across a simple yet effective way to hack into any account on Facebook. It just so happens that there wasn’t a malicious bone in this man’s body, so he was quick to inform the social media giant about his discovery.
So how does this method work?
As you probably know, if you need to reset your password on Facebook – for whatever reason – the site sends you an email or SMS with a 6-digit code to verify that the right person is requesting the password change. All you need to do then is access the account (using the code) and change the password. The only problem is that you are given only 12 attempts to input the code correctly, and failing that will result in your account being blocked.
The chances of trying out twelve codes and getting at least one right are not great, but what if you had endless attempts? Prakash discovered that on the beta versions of Facebook (beta.facebook.com and mbasic.beta.facebook.com) there was no limit on the number of times you could input the code. It would therefore be possible to try out all the possible variations, manually or using some kind of system, and eventually crack the code.
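The mitigation for the flaw described above is to keep the failed-attempt counter with the reset code itself, so that every front end that accepts the code shares one limit. The sketch below is an added example, not Facebook's code: the class, function and host names are hypothetical, the limit of 12 is the figure quoted in this article, and invalidating the code at the limit is an assumed lockout behaviour.

```python
import hmac
import secrets

MAX_ATTEMPTS = 12  # attempt limit quoted in the article


class ResetCodeStore:
    """Server-side reset-code state shared by every front end (hypothetical design)."""

    def __init__(self):
        self._pending = {}  # account id -> [code, failed_attempts]

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"  # uniform 6-digit code
        self._pending[account] = [code, 0]
        return code  # in a real system this is delivered by email or SMS

    def verify(self, account, guess, host):
        # `host` is accepted only to show that it plays no part in the decision:
        # the counter lives with the code, not with the front end that took the request.
        entry = self._pending.get(account)
        if entry is None:
            return False  # no live code: never issued, already used, or locked out
        code, failures = entry
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[account]  # codes are single use
            return True
        entry[1] = failures + 1
        if entry[1] >= MAX_ATTEMPTS:
            del self._pending[account]  # invalidate; a fresh code must be requested
        return False


def guess_success_probability(attempts, digits=6):
    """Chance that `attempts` distinct guesses include a uniformly random code."""
    return min(attempts, 10**digits) / 10**digits
```

With the limit enforced, twelve guesses succeed with probability 12 in 1,000,000; without it, the probability reaches 1 once every code has been tried.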
Shortly after Prakash informed Facebook of his discovery, the company recognized the flaw in its security system and awarded him $15,000!
It just goes to show that there are good people in this world who still care for the privacy and security of others. It could have been a completely different story had someone else discovered it first – don’t you think?