Facebook Fixes Password Bug

After a researcher found a bug that would allow hackers to change users’ Facebook passwords and gain access to their profiles, ZDNet reported Tuesday that the company has patched up this issue.

Researcher Sow Ching Shiong discovered a password reset vulnerability on Facebook, pointing out that hackers could change the passwords of Facebook users without needing to know the original passwords. Hackers could then visit the main Facebook page to reset passwords once accounts were hacked, which would redirect them to pages that include the user names of the Facebook profiles.

Hackers could then supposedly enter in another user name, change the password, and gain access, Sow wrote:

In normal circumstances, an authenticated Facebook user is required to enter his/her current password on the change password page to prevent an unauthorized person from changing the password without the user’s knowledge.

According to Sow and ZDNet, Facebook has fixed this issue. Now when you go to Facebook.com/hacked, the username is nowhere in the URL.

Readers: Have you ever been hacked?

Lock image courtesy of Shutterstock.

Related Stories
Mediabistro Course

Facebook Marketing

Facebook MarketingStarting Janaury 13, work with the group marketing manager of social media at Microsoft/BingAds to build a fan base and grow your business on Facebook! In this course, Geoffrey Colon will teach you how to set up and enhance your company page, understand best practices and measuring your success, execute a monthly content strategy, and incorporate Facebook into your overall marketing efforts. Register now!