Monday, July 6, 23:53 p.m.
Home investigations Failure on Facebook allows full access to your account by third parties ...

Failure on Facebook allows full access to your account by third parties without your knowledge! [SecNews Research]

The SecNews research team found critical vulnerability in Facebook, which can affect everyone, at least once in their lives, had created an account on platform, and let's is now disabled.

SecNews as part of its research to find vulnerabilities and security gaps on the most popular social networking platforms, recently discovered something that will surely distract you a lot and raise even more concerns about how to secure it your personal life on the Internet.

What really happened?

As part of the research, security experts conducted an experiment whose results were "mind blowing".

Three months ago, a SecNews security researcher created an account GMX email, which he will use to set up a Facebook account to control the registration process offered by the platform.

As you will see in the screenshot, the GMX account was created on 02 September 2019 and the Facebook account was created today, 29 November 2019.

The researcher attempted to officially register on the social networking platform by following all the steps required.

Facebook

Once the registration was complete, the researcher was suddenly logged into a user account from India.

Being surprised to have access to another user's account so easily and having done so reset password for security reasons, browsed the profile to see if it was really a reasonable Facebook error.

After investigating the profile, it was an account that had been created by 2015, remained active for a year and a half, and then the account was disabled.

Facebook

The fact that another user - from another end of the earth - managed to activate the account without needing anything more than signing up for the platform proves that, once again, the way Facebook handles them data and our personal information is risky, and even if we think that by shutting down our account we will be safe.

SecNews conducted a thorough investigation of both the Facebook account and the email address associated with it.

"There is a high likelihood of a user in India having previously had the particular email address with which he had linked his Facebook account. OR email address either stopped using it or was blocked from the email service resulting in Facebook being blocked account." the security researcher pointed out.

The email address was probably offered for reuse. Facebook, although completely different at the time of registration, than the original profile, automatically activated the account without any extra confirmation measure.

It's worth noting that in accordance with Facebook's privacy policy, the platform states that "You will not be able to reactivate your account. " after the end of 30 days. In this case, three years had passed.

Facebook

In the end, how easy is it, information and entire accounts that you may have deleted in the past to be in the wrong hands while you feel safe?

How many more Facebook bugs do we need to understand that "that goes up is never lost"?

SecNews signs the validity of this event.

For reasons GDPR and to safeguard personal data, sensitive information in screenshots is hidden.

You can contact our site for further questions on this subject.

This has also been shared on Facebook and we are awaiting a formal response from the popular platform regarding the event.

2 COMMENTS

  1. I have told them since the day they merged with iguru but they never answered me….

    I also get the impression that this response to Peter's comment will appear as a new comment that doesn't seem to be linked to the other text even though I pressed the answer button ....
    (as has happened in many other cases since the merger….)

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Windows 10 2004: Unauthorized settings "block" the upgrade

Users report that they have a problem with Windows 10, since they are excluded from the application of the May 2020 update, when they manually attempt to ...
00:02:04

Lenovo is improving Linux ThinkPads but the problems remain

Last month, when Lenovo announced that it was going to certify the ThinkPad series for use with Linux operating systems, we thought directly ...

Nigerian accused of fraud against US companies

A Nigerian was taken to the federal court in Chicago on Friday, after being accused of coordinating an international cyber fraud system, which affected ...

Home routers display critical errors and run unpatched Linux

The German Fraunhofer Communication Institute (FKIE) conducted a survey that included 127 home routers from seven different brands, in an effort to ...

IPhone 12 release: Will we finally see it by the end of 2021?

New data on the release of the iPhone 12, which we all expect not to happen in September, say that it will only be delayed ...

MySQL: Replaces terms that reinforce racial discrimination

MySQL database developers have announced that they will be replacing terminology such as master, slave, blacklist, and whitelist.

The CEO of a cryptocurrency investment company was cheating

As reported by News24, Willie Breedt, the founder of VaultAge Solutions (cryptocurrency investment company), declared bankruptcy last week and the ...

United Kingdom: Will it exclude Huawei from its 5G networks?

The UK government has received an NCSC report on Huawei, which may change its policy ...

A Yahoo engineer is not in jail after hacking 6.000 accounts

A former Yahoo engineer has been sentenced to five years in prison for hacking into personal accounts ...

PoC exploits released for critical vulnerability on F5 BIG-IP devices

PoC exploits released for critical vulnerability on F5 BIG-IP devices Two days after the release of updates on critical vulnerability on F5 ...