Hack a Facebook account with Reconnect Tool

A security researcher name Egor Homakov who works at security firm name Sakurity released a vulnerability in reconnect tool that enables you to hack Facebook account with the help of ‘reconnect tool’. Now the question is How this tool work? How can we avoid our Facebook account to get hacked?

Egor Homakov discovered that the “Sign-in or Login with Facebook” is the gateway to allowing access to your Facebook account. Those Hackers didn’t get your passward but they can access your account via a third part app like Bit.ly, Mashable, Vimeo, About.me, Stumbleupon, Angel.co and possibly many more.

So avoid using your Facebook account on different platforms, because if you won’t you will eventually be a victim of cyber crime. The most interesting thing about that the Facebook knew about this flaw from a year according to Egor Homakov. But they were not able to fix it because of the large number of sites use this service for their log-in. Because Facebook is still the largest social networking site in the globe.

Egor Homakov provided the step-by-step instruction in a blog post to setup a rogue FB account to which the victims are redirected to after they get tricked to clicking the malicious URLs generated by the attackers with the Reconnect tool.

The flaw abuses the lack of CSRF protection for the following processes:

  • Facebook Log-in.
  • Facebook Log-out.
  • Third Party account connection.

Egor Homakov added that Facebook cannot fix the third issue which is ‘Third party account connection”. It can only be fixed by the website admin who installed the Log-in with Facebook feature in its website. The other two vulnerabilities can be fixed by the Facebook.

The attack allows to link the Facebook account of the attacker to the
victim account on the third-party site, in this way a bad actor is able
to log into that account directly and change its settings (i.e.
password, email addresses).

Egor Homakov explained that the attack is quite easy. It works by creating a link that when clicked on logs the victim out of it account and into a Facebook account under the control of the attacker.it works by creating a link that when clicked on logs the victim out of it account and into a Facebook account under the control of the attacker.

Facebook also released an statement that, ” We’ve also implemented several changes to help prevent log-in CSRF and are evaluating others while aiming to preserve necessary functionality for a large number of sites that rely upon Facebook Log-in,”

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...