Search results for hacked site:facebook.com | Breaking Cybersecurity News | The Hacker News

There are many unpatched loopholes or flaws in Facebook website, that allow hackers to inject external links or images to a wall, hijacking any facebook account or bypassing your social privacy . Today we are going to report about another unfixed facebook app vulnerability that allow a hacker to spoof the content of any Facebook app  easily. Nir Goldshlager from Break Security today exposed another major flaw that allows hacker to wall post spoofed messages from trusted applications like Saavn, Candy Crush, Spotify, Pinterest, or really any other application on Facebook. In 2012 Facebook's method of publishing called stream.publish and the  Stream Publish Dialog looks like the following:  https://www.facebook.com/dialog/stream.publish?app_id=xxxx&redirect_uri=https://www.facebook.com/&action_links=&attachment=%7B%27media%27:%20[%7B%27type%27:%20%27flash%27,%27swfsrc%27:%27https://files.nirgoldshlager.com/goldshlager2.swf%27...

Lulzsec Exposed, Long Live Anonymous ! Lulz war ! Today Hacking group "Lulzsec" completed their 50th day and also announce the retirement of Lulz boat . What are the Reasons behind this ? Lulz Security's rise to prominence has been extraordinarily fast.The hacking group first emerged in May and in the past few weeks has attacked the websites of some of the world's leading corporations and governments. The group specialises in locating websites with poor security and then stealing information from them and posting it online via Twitter account, well They have 278,429 Followers]in 50days. To understand who/what lulzsec is, you need to understand where they came from. Everything originates from the chan (4chan/711chan/etc.) culture. It's a culture built around the anonymity of the internet. If your anonymous no one can find you. No one can hurt you, so your invincable. According to Anonymous " The problem with Lulzsec is that they lack the skills to kee...

Gaana.com -- One of India's most popular music streaming service with more than 10 Million registered users and 7.5 Million monthly visitors -- has reportedly been hacked, exposing the site's user information database. A Pakistani hacker, who claimed responsibility for the hack, claims that details of over 10 Million users of Gaana service including their username, email addresses, MD5-encrypted password, date of births, and other personal information has been stolen and made available in a searchable database. At the time of writing, Gaana website is currently down for maintenance without any official statement provided yet. As of now, the site displays, "Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then." Details of 10 Million Users Available in a Searchable Database: The hacker, nicknamed Mak Man , posted the link to a searchable database of Gaana user details on his Facebook page, with images of t...

The pro-Assad group Syrian Electronic Army claims it has hacked the President Barack Obama's website , Twitter-Facebook accounts and access email accounts linked to Organizing For Action, the non-profit offshoot of Obama For America, Obama's 2012 campaign operation. Last night,  Syrian Electronic Army (SEA)  hacked into Obama's donation website donate.barackobama.com , which was temporarily redirected to the website of the hacking group ( sea . sy / indexs / ) with a short message: " Hacked by SEA ". The hackers were able to take over only a secondary donations page. It was an older page - still on the site, but was no longer being used. They have also posted fake tweets and updates from Obama's Facebook Page and Twitter accounts, " All  the  links that Barack Obama account tweeted it and post it on Facebook was redirected to a video showing the truth about Syria " Hacker told Mashable in an interview. The attackers also compromised the URL ...

" Signup or Login with Facebook " ?? You might think twice before doing that next time. A security researcher has discovered a critical flaw that allows hackers take over Facebook accounts on websites that leverage ' Login with Facebook ' feature. The vulnerability doesn't grant hackers access to your actual Facebook password, but it does allow them to access your accounts using Facebook application developed by third-party websites such as Bit.ly , Mashable , Vimeo , About.me , Stumbleupon , Angel.co and possibly many more. FLAW EXPLOITS THREE CSRFs PROTECTION Egor Homakov , a researcher with pentesting company Sakurity, made the social network giant aware of the bug a year ago, but the company refused to fix the vulnerability because doing so would have ruined compatibility of Facebook with a vast number of websites over the Internet. The critical flaw abuses the lack of CSRF ( Cross-Site Request Forgery ) protection for three different proce...

Pakistan Army site (pakistanarmy.gov.pk) and Three Facebook pages hacked by an Indian hacker 'Godzilla '. Hacker told ' The Hacker News ' that, using a CMS vulnerability they got access into the Pakistan army website using credentials i.e. Username: mag_admin password: #$%modern! .  Then they left a malicious PDF magazine document in their content management system of magazine portal for the Pakistan army, which was later clicked by the Administrator and that installed a piece of malware on the administrator's computer. " For security they have taken down the login page of content management but failed to remove my backdoor " hacker told The Hacker News. Using an infected system of the Administrator, he has also gained unauthorized access to three Pakistan Army Facebook pages. Pakistan Army Official Facebook Page ( www.facebook.com/OfficialPakArmy ) Pakistan Army Officers Club Facebook Page ( www.facebook.com/fb.paoc ) Pakistan Army Fan Facebook Page...

Sony Pictures hacked and Database Leaked by LulzSec YES ! Sony Hacked Again once more by Lulzsec. The Target is  SonyPictures.com and It compromised over 1,000,000 users'personal information, including passwords, email addresses, home addresses,dates of birth, and all Sony opt-in data associated with their accounts.Also compromised all admin details of Sony Pictures(including passwords) along with 75,000 "music codes" and 3.5 million "music coupons". SonyPictures.com was hacked by a very simple SQL injection , one of the most primitive and common vulnerabilities.From a single injection, They accessed whole database.  The worst thing is Sony stored over 1,000,000 passwords of its customers in plaintext, No md5 OR other type of Encryption. The Leaked Data included databases from Sony BMG Belgium & Netherlands .These also contain varied assortments of Sony user and staffer information. Message By Lulzsec: Our goal here is not to come across as m...

Yesterday I have reported about a huge mysterious hack in wordpress servers, that cause compromise of 15000 wordpress account and hacker managed to post same spam article of " Money making sites " with title - " Im getting paid! " on each blog. We explained how hacker was earning in thousands of dollars by just sharing his Referral link on all these hacked sites. The campaign include some malicious domains where hacker is redirecting all readers and service from a well known email marketing company - Getresponse . Using the same dork -- site:wordpress.com "Im getting paid!" , today we tried to find out number of hacked accounts and once again another shocking number - its 59300 blogs in compromised list on 2nd day of hacking campaign. So many blogs have been compromised without any known method and wordpress team still not in action. As mentioned in last article, yesterday I tried to contact with Getresponse response team whose ...

HBGary chief Aaron Barr's Twitter account hijacked and personal details leaked in revenge for infiltration of hacking collective The loose hacker collective Anonymous says it has taken revenge on aUS security company whose principal claimed to have penetrated the group and identified some of its key people. They hacked the Twitter account of Aaron Barr, the chief executive of HBGary, and sent out a series of angry tweets while many Americans were watching the Super Bowl match on Sunday night, allegedly including Barr's social security number and address, and his mobile phone number. The tweets link to torrents of the company's emails. Members of the group also put up a brutal set of claims: "Anonymous has: "entire control of all emails for the company of hbgary.com. we have full admin control of "hbgaryfederal.com. we have wordpress control of hbgary.com "all emails will be put up in a torrent. "full access to all their finincials ...

Roger Ebert Email ID got hacked by Rapt0r - Anonymous Operation #AntiSec Roger Joseph Ebert's Email ID answerman@gmail.com hacked by  Rapt0r for Anonymous Operation #AntiSec.  Roger Joseph Ebert  is an American film critic and screenwriter. He is the first film critic to win a Pulitzer Prize for Criticism. Hacker Get access to his email ID and Email us ( The Hacker News ) from his ID with a message as shown " I am NOT Roger Ebert the famous film critic but I AM a Hacker who got inside his E-Mail account. In fact I have downloaded all his messages, and I am writing this to you from inside his G-Mail account. For full details of this intrusion go to www.HackerLeaks.com where everything will be revealed. ". Hacker claim to download all his emails and offering to expose all data on  www.HackerLeaks.com . We check the given site, but its not working right now. We check the Facebook page of Roger Ebert to verify that is    answerman@gmail....

This Friday I was working with my co-security researcher " Christy Philip Mathew " in +The Hacker News  Lab for testing the Cookie Handling Vulnerabilities in the most famous email services i.e Hotmail and Outlook. Well, both are merged now and part of the same parent company - Microsoft, the software giant.  Vulnerability allows an attacker to Hijack accounts in a very simple way, by just exporting & importing cookies of an user account from one system to attacker's system, and our results shows that even after logout by victim, the attacker is still able to reuse cookies at his end. There are different way of stealing cookies, that we will discuss below. In May 2012, another Indian security researcher Rishi Narang claimed similar vulnerability in Linkedin website. Vulnerability Details Many websites including Microsoft services uses cookies to store the session information in the user's web browser. Cookies are responsible for main...

More than 10,000 Facebook account hacked by TeamSwaSTika Another group of Hackers, self titled Team Swastika, have caused panic amongst Facebook users after releasing the details of 10,000 accounts onto popular text sharing site, Pastebin. Pastebin, usually used to share source code, has frequently been host to a number of text files that contain the details of specific hacks by hackitivists and hacker groups. Team Swastika is just one of these hackitivist groups but claims to be the most powerful hacking team in Nepal. They also said that next target will be Nepal Government website. Facebook hacked account dump: https://pastebin.com/KYsd0j5B (part1) - Removed by Pastebin https://pastebin.com/nN5uDrQS (part2) - Removed by Pastebin