The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Facebook hack

540 Million Facebook User Records Found On Unprotected Amazon Servers

540 Million Facebook User Records Found On Unprotected Amazon Servers

April 03, 2019Mohit Kumar
It's been a bad week for Facebook users. First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now… ...the bad week gets worse with a new privacy breach. More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers. The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers. Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet. More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more. The
Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

September 28, 2018Swati Khandelwal
Logged out from your Facebook account automatically? Well you're not alone… Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts. UPDATE:  10 Important Updates You Need To Know About the Latest Facebook Hacking Incident . In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident. The vulnerability, whose technical details has yet not been disclosed and now patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile. According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private in
Another Facebook Bug Allowed Anyone to Delete Your Photos

Another Facebook Bug Allowed Anyone to Delete Your Photos

November 27, 2017Swati Khandelwal
If you think a website whose value is more than $500 billion does not have any vulnerability in it, then you are wrong. Pouya Darabi, an Iranian web developer, discovered and reported a critical yet straightforward vulnerability in Facebook earlier this month that could have allowed anyone to delete any photo from the social media platform. The vulnerability resides in Facebook's new Poll feature, launched by the social media giant earlier this month, for posting polls that include images and GIF animations. Darabi analyzed the feature and found that when creating a new poll, anyone can easily replace the image ID (or gif URL) in the request sent to the Facebook server with the image ID of any photo on the social media network. Now, after sending the request with another user image ID (uploaded by someone else), that photo would appear in the poll. "Whenever a user tries to create a poll, a request containing gif URL or image id will be sent, poll_question_data[
This Bug Could Allow Hackers to Delete Any Video On Facebook

This Bug Could Allow Hackers to Delete Any Video On Facebook

January 23, 2017Mohit Kumar
A security researcher has discovered a critical vulnerability in Facebook that could allow attackers to delete any video of the social networking site shared by anyone on their wall. The flaw has been discovered by security researcher Dan Melamed in June 2016, allowing him not only to remotely delete any video on Facebook shared by anyone without having any permission or authentication but also to disable commenting on the video of your choice. Here's how to exploit this flaw: In order to exploit this vulnerability, Melamed first created a public event on the Facebook page and uploaded a video on the Discussion part of the event. While uploading the video, the researcher tampered the POST request using Fiddler and then replace the Video ID value of his video with Video ID value of any other video on the social media platform. Although Facebook responded to this issue with a server error, i.e. " This content is no longer available, " but the new video was s
Hacker reveals How He Could have Hacked Multiple Facebook Accounts

Hacker reveals How He Could have Hacked Multiple Facebook Accounts

August 27, 2016Swati Khandelwal
How to Hack a Facebook Account? That's possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills. Your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke! Gurkirat Singh from California recently discovered a loophole in Facebook's password reset mechanism that could have given hackers complete access to the victim's Facebook account, allowing them to view message conversations and payment card details, post anything and do whatever the real account holder can. The attack vector is simple, though the execution is quite difficult. The issue, Gurkirat ( @GurkiratSpeca ) says, actually resides in the way Facebook allows you to reset your password. The social network uses an algorithm that generates a random 6-digit passcode ‒
Here's How to Get Facebook New 'Dislike Button' to Your Profile

Here's How to Get Facebook New 'Dislike Button' to Your Profile

September 22, 2015Swati Khandelwal
You may call this a misleading headline. Right? Yes, it's True. And I apologize for this. But… ...before someone else tricks you to visit any malicious link with intent to hijack your Computer or to Hack Facebook Profile , I just tricked you to visit this ' WARNING ' article about Facebook Scam of the Dislike button. Facebook Scam: Get Facebook Dislike Button Facebook users are being targeted in a new scam that takes advantage of the recent widely publicized announcement by Facebook CEO Mark Zuckerberg that a ' Facebook Dislike Button ' is in development. Zuckerberg said that there're obvious moments in life or bad fortunes where people do not want to "like" posts and wants to express their empathy. He also confirmed that the social network giant was working on such technology but didn’t say that it’s actually a " Dislike. " The much-vaunted " Dislike " or "empathy" feature has not rolled out ju
Hack Codegen - Facebook Open-Sources Code That Writes Code

Hack Codegen - Facebook Open-Sources Code That Writes Code

August 24, 2015Swati Khandelwal
Good news for Open Source Lovers! Facebook has open-sourced Hack Codegen – its library for automatically generating Hack code, allowing outside developers to automate some of their routine work while developing large programs. HACK is the Facebook's own programming language designed to build complex web sites and other software quickly and without many flaws. HACK programming language is developed for HipHop Virtual Machine (HHVM) – an open-source virtual machine designed to execute programs written in Hack and PHP. The top 20 open source frameworks on Github run on HHVM. Also Read: Top 10 Popular Programming Languages used on GitHub HACK CodeGen is Now Open Source While making the announcement of open-sourcing Hack Codegen , which automatically generates hack code, Facebook's software engineer Alejandro Marcu said in a blog post : "Being able to generate code through automated code generation allows [developers] to increase the level of abst
Win Apple's iPhone 6 For Free – A New Facebook Scam

Win Apple's iPhone 6 For Free – A New Facebook Scam

September 17, 2014Swati Khandelwal
Apple's iPhone 6 FREE ? Of course not ! It’s only a hoax, but scammers have announced the just release iPhone 6 free. Another Facebook scam is circulating across the popular social networking website just days after Apple unveiled its upcoming iPhone 6 and iPhone 6 Plus, as scammers take advantage of all the hype and use them to lure Facebook users. THREE SIMPLE STEPS AND iPHONE 6 IS YOURS — REALLY? As usual, This new scam promises a chance to Win a free iPhone 6 to those users who complete a series of steps, as reported by Hoax-Slayer. You just need to go through "three easy steps" to get a chance to win the device: Like the Facebook page created to propagate the scam Share the page with your Facebook friends Download a "Participation Application" But before you proceed to the last step, a pop-up window leads you to participate in a survey before you can download the application. The survey will ask you to share your name, address, p
HACK - A New Open Source Programming Language developed by Facebook

HACK - A New Open Source Programming Language developed by Facebook

March 23, 2014Mohit Kumar
Facebook just released a new programming language called ' HACK ', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with Hacking. When Social Networking website Facebook was started 10 years ago, it was coded in PHP by Mark Zuckerberg and team, but as the company grew, PHP Programming platform became difficult to manage and bug-free. Thus, Hack was born!  Facebook Team decides to develop a new programming language that could combine elements of static- type programming languages such as C or C++ with dynamic-type languages like PHP, now called " HACK Programming Language ". " Hack has deep roots in PHP. In fact, most PHP files are already valid Hack files. " Facebook said, " We have also added many new features that we believe will help make developers more productiv
Facebook vulnerability allows to view hidden Facebook Friend List

Facebook vulnerability allows to view hidden Facebook Friend List

November 22, 2013Mohit Kumar
Facebook is one of the most powerful and reliable social networking website. It allows users to interact with other users after being friends with one another. Facebook allows users to make the friend list public or private. If it is made private, your friend list won't appear on your publicly viewable profile. Irene Abezgauz , a security researcher from the Quotium Seeker Research Center has found a vulnerability in Facebook  website that allows anyone to see a users’ friends list, even when the user has set that information to private. v The exploit is carried out by abusing the ' People You May Know ' feature on Facebook , which suggests new friends to users. It suggests friends to you based on mutual connections and other criteria such as work or education information. This Hack is really very simple! All a hacker would have to do would be to create a fake Facebook profile and then send a friend request to their target. Even if the targeted user ne
Facebook hack exposes contact Information of 6 Million Users

Facebook hack exposes contact Information of 6 Million Users

June 23, 2013Mohit Kumar
Facebook is alerting its users about a security breach due to a technical glitch, that may have inadvertently exposed the email addresses and telephone numbers of roughly 6 million users. " We recently received a report to our White Hat program regarding a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them, " Facebook said in its announcement. The problem stemmed from a tool that allows users to upload their contact lists or address books to Facebook so that the social network can serve up friend recommendations or invite people to join Facebook. " Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook, " As a result,
Hacking Facebook users just from chat box using multiple vulnerabilities

Hacking Facebook users just from chat box using multiple vulnerabilities

April 17, 2013Mohit Kumar
Nir Goldshlager , Founder/CEO at Break Security known for finding serious flaws in Facebook once again on The Hacker News for  sharing his new finding i.e Stored Cross-site Scripting (XSS) in Facebook Chat, Check In and Facebook Messenger. Stored Cross-site Scripting ( XSS ) is the most dangerous type of Cross Site Scripting. Web applications where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc 1.) Stored XSS In Facebook Chat: This vulnerability can be used to conduct a number of browser-based attacks including, Hijacking another user's browser, Capturing sensitive information viewed by application users, Malicious code is executed by the user's browser etc. When a user starts a new message within Facebook that has a link inside, a preview GUI shows up for that post. The GUI is used for presenting the link post using a parameter i.e  attachment[params][title],attac
Facebook OAuth flaw allows gaining full control over any Facebook account

Facebook OAuth flaw allows gaining full control over any Facebook account

February 21, 2013Mohit Kumar
Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to ' allow or accept ' the application request so that app can access your account information with required permissions. As a normal Facebook user we always think that it is better than entering your Facebook credentials, we can  just allow specific permissions to an app in order to make it work with your account. Today whitehat Hacker ' Nir Goldshlager ' reported ' The Hacker News ' that he discovered a very critical vulnerability in Facebook's OAuth system, that allowed him to get full control over any Facebook account easily even without ' allow or accept ' options. For this purpose he hunt the flaw in a very mannered way i.e Step 1) Understanding the OAuth URL Step 2) Finding a way to use custom parameters in URL Step 3) Bypassing OAuth ' Allow '
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.