Today's Hard|Forum Post

Thursday April 28, 2016

Facebook Bug Allowed Attackers to Take Over Accounts on Other Sites

This "bug" seems like a pretty damn big oversight on Facebook's part. I can't believe it is as simple as creating a Facebook profile with the victim's email address, adding a malicious email as the secondary, and then confirming the account using the bad email address.

Bitdefender has identified a flaw in Facebook's account registration process which indirectly led to situations where attackers could take over user profiles on sites where the Facebook Social Login feature was enabled. The vulnerability could be used if an attacker discovered that a victim had an email address which he used on a regular basis, but had not registered on Facebook to create an account.