HomeНаука и техникаRelated VideosMore From: Tech Raj

Anyone Can Hack Your Facebook Account with this Security Bug!

400 ratings | 10386 views
So, recently Facebook officially announced that It has found a security bug in its code, which affected almost 50 million accounts. Now yeah the number is pretty big, but what’s worse is the bug itself. Link to official announcement from Facebook about this Bug : https://newsroom.fb.com/news/2018/09/security-update/ So, let me get it straight. This security bug allows anyone to login to anyone else’s Facebook account. Which means I can simply login to Mark Zuckerburg’s Facebook account without having to do anything complex. So what is this bug? How dangerous and how dumb is it? Well, if you guys don’t know about the “View As” tool on Facebook, its basically a tool using which you can see how your profile looks from some other person’s Facebook account, so that you can customise your profile accordingly and you get to know how your profile looks from your friend’s Facebook account. Now, this feature is designed only as a view-as interface, which means it is designed only to let people know how their profile looks like from another person’s account. It does not allow anything else than just viewing the profile. This feature is existing from long back on Facebook. And honestly I never used it anytime, because, I don’t know, I never found it useful, anyways. So what happened is, when you go and use the View As tool, and select a specific person to view your profile. It displays a composer box where you can post something on Facebook. Now in this composer box, there exists a component using which you can post birthday wishes to someone. This component of the composer incorrectly gave the user an option to post a video. So, what’s the big deal if you are given an option to post a video? Obviously, this is not going to affect anyone, because if you do post a video, it is still posted on your timeline only. Well, here is the catch. Facebook released a new version of its video uploader, and this video uploader when used with the view-as option, incorrectly and un-intentionally generated the access token of the Facebook Mobile App. But wait, it is not generating your access token here, it is actually generating the access token of the person who you are using to see your profile with the view-as option. Which means, if I am using the view as option to see how my profile looks from Mark Zuckerburg’s Facebook account, then I am actually getting the access token of the Zuckerburg’s Facebook account! And I can simply find this access token in the html of the page, because it is generated there by the video uploader. And if you don’t know what is meant by an access token, it is simply a string value using which you can login to your Facebook account without having to enter your username and password. So, basically using an access token you get access to a Facebook account without the password. I mean, isn’t it quite shocking how a big company like Facebook had this dumb security bug. Like, seriously using this bug anyone can get access to anyone else’s facebook account by just using the view as tool. Nothing else need to be done. Now Facebook announced that it has actually discovered an external actor who has actually exploited this bug on Facebook. Which means that someone has found this bug before Facebook did, which is a bad thing. So, anyways Facebook has now fixed this bug, and it has also logged out people from their Facebook account to make sure that their old access token will be expired, and can’t be used anymore if in case their account is hacked via this security bug. Credits for the part of the video where I showed the View-As tool demonstration : Super Easy Tech Tips (YouTube channel)





Html code for embedding videos on your blog
Text Comments (36)
Amina Amina (12 days ago)
I am your friend Amina you sent videos to me 3 months ago but I did not know how to break
shahid dar (20 days ago)
Cool
Amy Adams (25 days ago)
I contacted Scott and he did a wonderful job for me.
Leticia Jones (25 days ago)
Yes a very good hacker.. WhatsApp him +18454020646
? (1 month ago)
There is one more..but I wont tell
هوة شنو الفلم ترة متابعينكم العرب حواوين واكبر مخازي وزمايل ومطاية يشترون من عدكم ويبيعون علينه
Fabrice Mwizerwa (1 month ago)
how to hack any phone by using MAC address?
joy franco (1 month ago)
hi raj i need your help
zeb tricks (1 month ago)
I'm blocked from doing something on Facebook, like posting, sharing or commenting. 30 days please help me
minhuz rakib (1 month ago)
This video does not help in any way, it's a little scary
Krish sangma (1 month ago)
Please don't waste out tine in which we can't be reach Or hack.... Upload the useful video....
kalash mendiratta (1 month ago)
Hacking videos by android pls
cool shou (1 month ago)
How to understand the tech in such easy way ? How did you learn about tech so easily ?
Ranjay Yadav (1 month ago)
Hello bro plz tell me the fastest way to hack WPA/WPA 2 personal WiFi
freeman guess (1 month ago)
Deliberate back doors until someone discovered it
Nagaraj Cruze (1 month ago)
How can you use view as feature from mark Zuckerberg's account? To view your profile, I can't understand this
Syarif Uddin (1 month ago)
Please teach me... How to hack acc Instagram?
Cyber Freak (1 month ago)
Bro first of all, good speech mean the way of voice delivering English pronunciation
Dve Ram (1 month ago)
Very good insight dude 👌
K Sreenivas (1 month ago)
Please make video on mac book air 2017 review please bro... Chala rojula nunchi aduguthunna
Ninja Assassin (1 month ago)
Nice bro..
Bhashana Harischandra (1 month ago)
According to Raj, WTF = What The Facebook
Anusha anu (1 month ago)
🤣
Amazing (1 month ago)
😂😂😂😂😂
Banti Pobia (1 month ago)
The way you explain is great.👍 Nice videos.
King of the Morning. (1 month ago)
You cannot use an access key instead of passwords as told and demonstrated in a previous video explanation by yourself. 👍
muffy tandih (1 month ago)
10th watchet
m siddu (1 month ago)
Anna oka video App development meeda cheyyi anna
RANISH Rana (1 month ago)
You mentioned about uploading practical videos in the new platform please let us know when you're uploading them
S.L TECH Tube (1 month ago)
Ohh .....why i didnt think about it before ??? then im the security manager of facebook company 😂👈
Ardo Rianda (5 days ago)
S.L TECH Tube seriously?? Can you help me? I can't login to my old account. I can make you believe that the account is mine
chinna 98 (1 month ago)
Good news
Deepanshu Devaliya (1 month ago)
Hey tell me a source to learn ethical hacking, from beginning to advanced.
Air Crash (1 month ago)
Deepanshu Devaliya Internet 😂 lol
Anish Biswas (1 month ago)
2nd
Pravin tamil (1 month ago)
1st view 😀

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.