Thursday, September 24, 14:23
Home investigations Failure on Facebook allows full access to your account by third parties ...

Failure on Facebook allows full access to your account by third parties without your knowledge! [SecNews Research]

The SecNews research team found critical vulnerability in Facebook, which can affect everyone, at least once in their lives, had created an account on platform, and let's is now disabled.

SecNews as part of its research to find vulnerabilities and security gaps on the most popular social networking platforms, recently discovered something that will surely distract you a lot and raise even more concerns about how to secure it your personal life on the Internet.

What really happened?

As part of the research, security experts conducted an experiment whose results were "mind blowing".

Three months ago, a SecNews security researcher created an account GMX email, which he will use to set up a Facebook account to control the registration process offered by the platform.

As you will see in the screenshot, the GMX account was created on 02 September 2019 and the Facebook account was created today, 29 November 2019.

The researcher attempted to officially register on the social networking platform by following all the steps required.


Once the registration was complete, the researcher was suddenly logged into a user account from India.

Being surprised to have access to another user's account so easily and having done so reset password for security reasons, browsed the profile to see if it was really a reasonable Facebook error.

After investigating the profile, it was an account that had been created by 2015, remained active for a year and a half, and then the account was disabled.


The fact that another user - from another end of the earth - managed to activate the account without needing anything more than signing up for the platform proves that, once again, the way Facebook handles them data and our personal information is risky, and even if we think that by shutting down our account we will be safe.

SecNews conducted a thorough investigation of both the Facebook account and the email address associated with it.

"There is a high likelihood of a user in India having previously had the particular email address with which he had linked his Facebook account. OR email address either stopped using it or was blocked from the email service resulting in Facebook being blocked account." the security researcher pointed out.

The email address was probably offered for reuse. Facebook, although completely different at the time of registration, than the original profile, automatically activated the account without any extra confirmation measure.

It's worth noting that in accordance with Facebook's privacy policy, the platform states that "You will not be able to reactivate your account. " after the end of 30 days. In this case, three years had passed.


In the end, how easy is it, information and entire accounts that you may have deleted in the past to be in the wrong hands while you feel safe?

How many more Facebook bugs do we need to understand that "that goes up is never lost"?

SecNews signs the validity of this event.

For reasons GDPR and to safeguard personal data, sensitive information in screenshots is hidden.

You can contact our site for further questions on this subject.

This has also been shared on Facebook and we are awaiting a formal response from the popular platform regarding the event.


  1. I have told them since the day they merged with iguru but they never answered me….

    I also get the impression that this response to Peter's comment will appear as a new comment that doesn't seem to be linked to the other text even though I pressed the answer button ....
    (as has happened in many other cases since the merger….)


Please enter your comment!
Please enter your name here


NASA: Asteroid will fly closer to our satellites

The asteroid 2020 SW, the size of a bus, is going to fly 13.000 miles above the Earth in the next few hours, he said ...

Seagate 1TB SSD Expansion for Xbox Series X, Series S costs $ 220

Ever since Microsoft announced the details of the Velocity Drive architecture in the new Xbox Series, we knew we would not ...

User reported that Airbnb accounts are vulnerable to hijacking

It was recently learned that Airbnb accounts are vulnerable to hijacking. Attackers can easily breach accounts, creating a new account ...

Google: Will test "hybrid" work models from home

Google is considering long-term job options, as most employees say they do not want to return to the office.

Tyler Technologies: The US government technology provider was ransomware attacked

Tyler Technologies, the top technology provider of the US government, was attacked by ransomware, which resulted in the suspension of ...

From next year you will be using Microsoft Office without a subscription

Microsoft seems to be planning to release a new version of Office without a subscription in 2021. The news was found ...

Puppy Linux 9.5: Released after 2 years delay

Puppy Linux is a small but very fast Linux based operating system. In case...

Gefco logistics company fell victim to a cyber attack

The logistics company Gefco, based in France, admitted that it fell victim to a cyber attack last Sunday, the ...

The new malware "Alien" steals passwords from 226 Android applications

Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide range of features that allow it ...

Microsoft, Italy, the Netherlands warn of an increase in Emotet malware

Two weeks after France, Japan and New Zealand issued warnings to increase Emotet activity, new ...