Facebook apparently has a new security flaw, discovered by a researcher at a security firm, that can allow nearly anyone to hack a Facebook account with ease. The flaw can now be exploited with a simple tool called the “Sakurity Reconnect Tool”, which was created by the researcher, Egor Homakov, and released last week according to the website “Facecrooks”.
Why Did Sakurity Release This Tool?
Egor Homakov states that he released this tool to the public because Facebook refused to fix the security flaw in January of 2014, saying a fix “would have disrupted the login feature’s compatibility with many websites”. In other words, Facebook didn’t see the security flaw as important enough to patch. After hearing this, the company (Sakurity) released the Reconnect tool to the world a year later, presumably to force Facebook to patch the flaw once it sees script-kiddies and teenagers using the tool to hack a Facebook account any time they want.
So far, Facebook’s only reaction to the security flaw is that they are “aware of the flaws Homakov is taking advantage of, and if sites that use the Login feature take the proper steps to protect themselves they should not have any issues”.
How The Sakurity Reconnect Tool Works
According to the Sakurity Reconnect page, the Sakurity Reconnect Tool works by generating fake and malicious URLs for the Facebook login pages on websites like Mashable, Vimeo, and Stumbleupon that the black hat hacker or script-kiddie can send to their victims. When these URLs are clicked, they log users out of their own Facebook accounts and into fake accounts set up by the hackers, which then links the two accounts (the malicious account and the victim’s account), allowing the perpetrator to control their victim.
This works through a Canvas application, a page that is loaded within Facebook. The Canvas application will usually attempt to log the user into their real account, but with the Sakurity Reconnect Tool, this attempt is redirected to log the user into the hacker’s fake account.
This will then provide the hacker an opportunity to gain access to the victim’s real Facebook account so that they can change passwords, read messages, spam, or create posts while posing as the owner of the account.
What You Can Do To Protect Your Facebook Account
Since anyone can now hack a Facebook account because of the Reconnect Tool, it’s best to avoid logging into Facebook through third-party websites such as Mashable until the flaw is patched. Inspecting the URL before you log into your Facebook account is also useful to avoid losing your account to a hacker.
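The article does not say which “proper steps” Facebook meant for sites that use the Login feature. One standard defense for an OAuth-style login callback is a `state` value bound to the visitor's own session, shown here as an added example (not code from Sakurity, Facebook or any site named above); the function names, session ids and key handling are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Per-deployment secret; in a real site this is loaded from protected config (assumption).
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_state(session_id: str) -> str:
    """Called when THIS browser session starts the login/connect flow.

    The returned value is sent to the login provider as the `state`
    parameter and comes back unchanged on the callback.
    session_id is assumed to be a server-generated random token.
    """
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def state_is_valid(session_id: str, state: Optional[str]) -> bool:
    """True only if `state` was issued to this same session."""
    if not state or state.count(".") != 1:
        return False
    nonce, mac = state.split(".")
    expected = _mac(session_id, nonce)
    # Compare as bytes: constant-time, and safe for non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_connect_callback(session_id: str, site_user: str, params: dict) -> str:
    """Link a provider account to site_user only if this session began the flow.

    A callback reached through a link someone else crafted carries no state,
    or a state issued to a different session, and is refused.
    """
    if not state_is_valid(session_id, params.get("state")):
        return "rejected: callback was not initiated by this session"
    return f"linked provider account to {site_user}"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    good = issue_state("session-A")
    print(handle_connect_callback("session-A", "alice", {"code": "c1", "state": good}))
    print(handle_connect_callback("session-A", "alice", {"code": "c2"}))
```

A production version would also expire each state value and accept it only once.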
Sources:
- IT Pro
- Sakurity Blog
- Facecrooks
- Sakurity
- Facebook Developers