Tuesday, March 2, 10:29
Home investigations Failure on Facebook allows full access to your account by third parties ...

Failure on Facebook allows full access to your account by third parties without your knowledge! [SecNews Research]

The SecNews research team found critical vulnerability in Facebook, which can affect everyone, at least once in their lives, had created an account on platform, and let's is now disabled.

SecNews as part of its research to find vulnerabilities and security gaps on the most popular social networking platforms, she recently spotted something that will surely surprise you a lot and further reinforce her concerns about how to secure her your personal life on the Internet.

What really happened?

As part of the research, security experts conducted an experiment whose results were "mind blowing".

Three months ago, a SecNews security researcher created an account GMX email, which he will use to set up a Facebook account to control the registration process offered by the platform.

As you will see in the screenshot, the GMX account was created on 02 September 2019 and the Facebook account was created today, 29 November 2019.


The researcher attempted to officially register on the social networking platform by following all the steps required.


Once the registration was complete, the researcher was suddenly logged into a user account from India.

Being surprised to have access to another user's account so easily and having done so reset password for security reasons, browsed the profile to see if it was really a reasonable Facebook error.

After investigating the profile, it was an account that had been created by 2015, remained active for a year and a half, and then the account was disabled.


The fact that another user - from another end of the earth - managed to activate the account without needing anything more than signing up for the platform proves that, once again, the way Facebook handles them data and our personal information is risky, and even if we think that by shutting down our account we will be safe.

SecNews conducted a thorough search of both the Facebook account and the email address associated with it.

"There is a high likelihood of a user in India having previously had the particular email address with which he had linked his Facebook account. OR email address either stopped using it or was blocked from the email service resulting in Facebook being blocked account." the security researcher pointed out.

The email address was probably offered for reuse. Facebook, although completely different at the time of registration, than the original profile, automatically activated the account without any extra confirmation measure.

It's worth noting that in accordance with Facebook's privacy policy, the platform states that "You will not be able to reactivate your account. " after the end of 30 days. In this case, three years had passed.


In the end, how easy is it, information and entire accounts that you may have deleted in the past to be in the wrong hands while you feel safe?

How many more Facebook bugs do we need to understand that "that goes up is never lost"?

SecNews signs the validity of this event.

For reasons GDPR and to safeguard personal data, sensitive information in screenshots is hidden.

You can contact our site for further questions on this subject.

This has also been shared on Facebook and we are awaiting a formal response from the popular platform regarding the event.


  1. I have told them since the day they merged with iguru but they never answered….

    I also have the impression that this reply to Peter's comment will appear as a new comment that will not appear to be linked to the other text even though I pressed the κου reply button.
    (as this has happened in many other cases after the merger….)


Please enter your comment!
Please enter your name here