Hack a Facebook account with Reconnect Tool

A security researcher named Egor Homakov, who works at the security firm Sakurity, released a tool called Reconnect that exploits a vulnerability in Facebook Login, enabling an attacker to take over Facebook-linked accounts. Now the questions are: how does this tool work, and how can we avoid getting our Facebook account hacked?

Egor Homakov discovered that the “Sign in or Log in with Facebook” feature is the gateway that allows access to your Facebook account. The hackers don’t get your password, but they can access your account via a third-party app such as Bit.ly, Mashable, Vimeo, About.me, Stumbleupon, Angel.co and possibly many more.

So avoid using your Facebook account to log in on other platforms; if you don’t, you may eventually become a victim of cyber crime. The most interesting thing is that, according to Egor Homakov, Facebook has known about this flaw for a year. But they were not able to fix it because of the large number of sites that use this service for their log-in, since Facebook is still the largest social networking site in the world.

Egor Homakov provided step-by-step instructions in a blog post for setting up a rogue FB account to which victims are redirected after they are tricked into clicking the malicious URLs generated by attackers with the Reconnect tool.

The flaw abuses the lack of CSRF protection for the following processes:

  • Facebook Log-in.
  • Facebook Log-out.
  • Third-party account connection.

Egor Homakov added that Facebook cannot fix the third issue, “Third-party account connection”. It can only be fixed by the website admin who installed the Log-in with Facebook feature on their website. The other two vulnerabilities can be fixed by Facebook.

The attack allows the attacker to link their own Facebook account to the victim’s account on the third-party site; in this way a bad actor is able to log into that account directly and change its settings (e.g. password, email addresses).
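The third-party account connection flaw is the one only the site operator can fix: the callback that links a Facebook identity to a local account must refuse requests the browser did not start itself. The following is an added example, not code from the post or from Sakurity, showing a minimal vulnerable connect handler beside a hardened one that binds an OAuth `state` nonce to the session; the session dict, `begin_login`, `link_account` and the app id placeholder are assumptions for illustration.

```python
import hmac
import secrets


def begin_login(session):
    """Start a 'Connect with Facebook' flow: mint an unguessable nonce,
    bind it to this browser session, and return the provider URL.
    APP_ID is a placeholder; the provider echoes `state` back unchanged."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return (
        "https://www.facebook.com/dialog/oauth"
        f"?client_id=APP_ID&response_type=code&state={state}"
    )


def vulnerable_callback(session, params, link_account):
    """Before: the callback trusts whatever `code` arrives, so a crafted
    link the victim is tricked into opening connects the attacker's
    Facebook identity to the victim's local account (login CSRF)."""
    link_account(session["user"], params["code"])
    return True


def hardened_callback(session, params, link_account):
    """After: accept the callback only when `state` matches the nonce
    minted in this same session. The nonce is consumed on first use,
    so a replayed or forged callback is rejected."""
    expected = session.pop("oauth_state", None)
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(expected, received):
        return False  # not a flow this browser started: do not link
    link_account(session["user"], params["code"])
    return True
```

Real deployments should also require the user to be authenticated locally before the connect callback runs, and should re-confirm the password before an existing link is replaced.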

Egor Homakov explained that the attack is quite easy. It works by creating a link that, when clicked, logs the victim out of their account and into a Facebook account under the control of the attacker.

Facebook also released a statement: “We’ve also implemented several changes to help prevent log-in CSRF and are evaluating others while aiming to preserve necessary functionality for a large number of sites that rely upon Facebook Log-in.”
