I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it

By AppSecure

This post is about a simple vulnerability I discovered on Facebook which I could have used to hack into other users’ Facebook accounts easily and without any user interaction. This gave me full access to other users’ accounts by setting a new password. I was able to view messages, their credit/debit cards stored under their payment section, personal photos, and other private information.

Facebook acknowledged the issue promptly, fixed it, and rewarded me with a US $15,000 bounty based on the severity and impact of this vulnerability. I am publishing this with the permission of Facebook under the responsible disclosure policy.

Whenever a user forgets their password on Facebook, they have an option to reset the password by entering their phone number and email address on.