10 Yr-Old Facebook Bug Allow Hackers to Steal Access Token & Hijack Anyone’s Facebook Account – 55,000$ Bounty Rewarded
A researcher discovered a critical Account takeover vulnerability in Facebook’s Authorization feature “Login with Facebook” and, it allowed attackers to steal the Access_Token and completely take over the victim’s Facebook account. Facebook using OAuth 2.0 as an Authorization protocol that helps to exchange the token from Facebook and other third party websites. The vulnerability resides in the “Login with Facebook” feature that allowed attackers to set up a malicious website, and steak the Access token for several apps including Instagram, Oculus, Netflix, Tinder, Spotify, etc along with Facebook accounts. Once the attacker compromised the targeted accounts using the stolen tokens, he/she could able to gain full read/write privileges such as messages, photos, videos even if privacy control is set to the “only me”. Indian Security Researcher Amol Baikar who found this Vulnerability told GBHackers on Security ” This critical Faceboo...