
Posts

Showing posts from March 8, 2020

10-Year-Old Facebook Bug Allows Hackers to Steal Access Tokens & Hijack Anyone's Facebook Account – $55,000 Bounty Rewarded

A researcher discovered a critical account takeover vulnerability in Facebook's "Login with Facebook" authorization feature that allowed attackers to steal the access token and completely take over the victim's Facebook account. Facebook uses OAuth 2.0 as the authorization protocol for exchanging tokens between Facebook and third-party websites. The vulnerability resided in the "Login with Facebook" feature and allowed an attacker to set up a malicious website and steal the access token for several apps, including Instagram, Oculus, Netflix, Tinder and Spotify, as well as for Facebook accounts. Once an attacker had compromised the targeted accounts using the stolen tokens, he or she could gain full read/write privileges over messages, photos and videos, even if the privacy control was set to "Only me". Indian security researcher Amol Baikar, who found this vulnerability, told GBHackers on Security: "This critical Facebook Vulnerability could allow to tak

Virgin Media Data Leak Exposes Details of 900,000 Customers

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunications provider Virgin Media announced that it had also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach, which involved a sophisticated cyber attack, Virgin Media said the incident was not a cyber attack and that the company's database had not been hacked. Rather, the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet, accessible to anyone without any authentication. "The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night. Accord