Hack a Facebook account with Reconnect Tool

A security researcher name Egor Homakov who works at security firm name Sakurity released a vulnerability in reconnect tool that enables you to hack Facebook account with the help of ‘reconnect tool’. Now the question is How this tool work? How can we avoid our Facebook account to get hacked?

Egor Homakov discovered that the “Sign-in or Login with Facebook” is the gateway to allowing access to your Facebook account. Those Hackers didn’t get your passward but they can access your account via a third part app like Bit.ly, Mashable, Vimeo, About.me, Stumbleupon, Angel.co and possibly many more.

So avoid using your Facebook account on different platforms, because if you won’t you will eventually be a victim of cyber crime. The most interesting thing about that the Facebook knew about this flaw from a year according to Egor Homakov. But they were not able to fix it because of the large number of sites use this service for their log-in. Because Facebook is still the largest social networking site in the globe.

Egor Homakov provided the step-by-step instruction in a blog post to setup a rogue FB account to which the victims are redirected to after they get tricked to clicking the malicious URLs generated by the attackers with the Reconnect tool.

The flaw abuses the lack of CSRF protection for the following processes:

  • Facebook Log-in.
  • Facebook Log-out.
  • Third Party account connection.

Egor Homakov added that Facebook cannot fix the third issue which is ‘Third party account connection”. It can only be fixed by the website admin who installed the Log-in with Facebook feature in its website. The other two vulnerabilities can be fixed by the Facebook.

The attack allows to link the Facebook account of the attacker to the
victim account on the third-party site, in this way a bad actor is able
to log into that account directly and change its settings (i.e.
password, email addresses).

Egor Homakov explained that the attack is quite easy. It works by creating a link that when clicked on logs the victim out of it account and into a Facebook account under the control of the attacker.it works by creating a link that when clicked on logs the victim out of it account and into a Facebook account under the control of the attacker.

Facebook also released an statement that, ” We’ve also implemented several changes to help prevent log-in CSRF and are evaluating others while aiming to preserve necessary functionality for a large number of sites that rely upon Facebook Log-in,”

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...