HackRead
Hacker Shows How to Hack Any Facebook Page; Earns $16k as Bug Bounty

September 17th, 2016 | Waqas | Hacking News, Security
Everyone wants to know how to hack a Facebook page or an account, but no one wants to do the hard work. Here’s an Indian hacker who found a critical security flaw in Facebook Business Manager that allowed him to hack any Facebook page within 10 seconds.

Arun Sureshkumar, an Indian IT security researcher, exposed a critical vulnerability in Facebook Business Manager that allowed attackers to take over any Facebook page. In return, Facebook awarded Sureshkumar 16,000 USD as part of its bug bounty program.

Arun Sureshkumar / Image Source: Facebook

The issue the researcher discovered is an Insecure Direct Object Reference, also called IDOR. An IDOR occurs when a reference to an internal implementation object, such as a file or database key, is exposed to users without any other access control. In such cases, an attacker can manipulate those references to gain access to unauthorized data. In Facebook’s case, an IDOR vulnerability in Facebook Business Manager allowed him to take over any Facebook page in less than 10 seconds.

Business Manager lets businesses share and control access to their ad accounts, Pages, and other assets on Facebook. Anyone on a business page can see all of the Pages and ad accounts they work on in one place, without sharing login information or being connected to their coworkers on Facebook.

The researcher also mentioned that an attacker could even take over pages like those of Bill Gates, Narendra Modi and Barack Obama and do whatever kind of damage they desired, including deleting these pages.

Sureshkumar’s findings:

Sureshkumar created two Facebook business accounts, one as his own and the other for testing purposes. He then added a partner using his own ID and intercepted the request using Burp Suite. After that, he replaced the parent business ID with the agency ID and the asset ID with the ID of the page he wanted to hack. Once the IDs were changed, the researcher requested the manager role on the page.

Within a few seconds, Sureshkumar had admin rights on the target page, allowing him to perform any action he wanted through Business Manager.
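The IDOR pattern and the ID swap described above can be seen in a simplified model. This is an added example, not Facebook's code or the researcher's; the field names (`parent_business_id`, `agency_id`, `asset_id`), the handlers and all sample data are hypothetical. It shows why the server must check both that the session user administers the parent business and that the parent business owns the asset being shared.

```python
from dataclasses import dataclass, field

@dataclass
class Business:
    admins: set        # user IDs allowed to act for this business
    owned_pages: set   # page IDs this business owns

@dataclass
class Store:
    businesses: dict                                # business_id -> Business
    page_roles: dict = field(default_factory=dict)  # (page_id, business_id) -> role

def share_asset_vulnerable(store, session_user, req):
    """IDOR: object IDs from the request body are used with no ownership check."""
    store.page_roles[(req["asset_id"], req["agency_id"])] = req["role"]
    return True

def share_asset_hardened(store, session_user, req):
    """Check every referenced object against the authenticated session first."""
    parent = store.businesses.get(req["parent_business_id"])
    if parent is None or req["agency_id"] not in store.businesses:
        return False
    if session_user not in parent.admins:          # caller must administer the parent
        return False
    if req["asset_id"] not in parent.owned_pages:  # parent must own the shared asset
        return False
    store.page_roles[(req["asset_id"], req["agency_id"])] = req["role"]
    return True

def fresh_store():
    # Constructed data: "alice" administers biz_a and biz_b; biz_v owns page_victim.
    return Store({"biz_a": Business({"alice"}, {"page_a"}),
                  "biz_b": Business({"alice"}, set()),
                  "biz_v": Business({"victim"}, {"page_victim"})})

LEGIT = {"parent_business_id": "biz_a", "agency_id": "biz_b",
         "asset_id": "page_a", "role": "MANAGER"}
# The same request after the ID swap the article describes (constructed values).
TAMPERED = {"parent_business_id": "biz_b", "agency_id": "biz_b",
            "asset_id": "page_victim", "role": "MANAGER"}

def run(handler, req, user="alice"):
    """Apply one request to a fresh store; return (accepted, resulting roles)."""
    store = fresh_store()
    return handler(store, user, req), store.page_roles

if __name__ == "__main__":
    for h in (share_asset_vulnerable, share_asset_hardened):
        print(h.__name__, run(h, LEGIT), run(h, TAMPERED))
```

In the tampered request the caller does administer the business named as parent, so an admin check alone would pass; the request is stopped by the asset-ownership check.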

The security flaw was reported to Facebook on 29th August 2016. Luckily for Sureshkumar, while investigating his report, Facebook found and fixed another issue as well, which made the total bug bounty amount higher than those usually paid for page-related flaws. As a consequence, he was paid 16,000 USD on the 16th of September this year.

Email conversation shared by Arun

More technical details are available on Arun Sureshkumar’s blog.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
