Information Security News
Researcher Details 0-Click Facebook Account Takeover Vulnerability

by Nam Phong · March 6, 2024

Nepalese cybersecurity researcher Samip Aryal made history by identifying a vulnerability in Facebook’s password reset system that allowed an attacker to take over any account without any action from the victim.

Aryal’s discovery not only earned him an unprecedented reward from the company but also secured him a top position in Facebook’s Hall of Fame among white-hat hackers for the year 2024. The amount of the reward, however, remains undisclosed.

Aryal revealed that Facebook’s password reset feature lacked a limit on the number of attempts to request a code, enabling attacks without user intervention. An attacker could initiate a password reset request and brute-force the six-digit security code.

Aryal’s investigation demonstrated that when resetting passwords through Android Studio, users were prompted to receive a security code via a Facebook notification. Remarkably, the code remained valid for two hours, even after multiple unsuccessful entry attempts. Aryal noted that, unlike SMS-based resets, the code was not invalidated after several erroneous attempts.

Using brute force, Aryal managed to test every possible six-digit code within an hour. He also found that the code was displayed directly in the notification itself, so it could be read without clicking on it. Aryal reported the flaw to Facebook on January 30, 2024, and by February 2 the issue had been resolved.
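The two weaknesses the article describes, no cap on wrong code entries and a code that stays live for two hours regardless of failures, are both properties of the server-side verification logic. The following Python is an added example written for this page, not Facebook's or Meta's code, and it makes no claim about how their fixed system works. It models a reset-code store under two illustrative policies: a weak one that mirrors the reported behaviour (two-hour validity, unlimited attempts) and a hardened one that burns the code after a small number of wrong guesses, expires it quickly, consumes it on first success, and stores only a salted hash. The policy values, account identifiers and helper names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

CODE_DIGITS = 6  # six-digit reset code, as in the article


@dataclass
class ResetPolicy:
    ttl_seconds: int              # how long an issued code stays valid
    max_attempts: Optional[int]   # wrong guesses allowed before the code is burned; None = unlimited


# Illustrative policies (constructed for this example). WEAK_POLICY mirrors the behaviour
# the article reports: a two-hour window and no cap on wrong guesses.
WEAK_POLICY = ResetPolicy(ttl_seconds=2 * 60 * 60, max_attempts=None)
HARDENED_POLICY = ResetPolicy(ttl_seconds=10 * 60, max_attempts=5)


@dataclass
class PendingReset:
    code_hash: bytes
    salt: bytes
    issued_at: float
    failed_attempts: int = 0
    burned: bool = False


class ResetCodeStore:
    """Server-side record of outstanding reset codes, one per account (hypothetical helper)."""

    def __init__(self, policy: ResetPolicy, clock: Callable[[], float] = time.time):
        self.policy = policy
        self.clock = clock          # injectable so expiry can be tested without sleeping
        self._pending: Dict[str, PendingReset] = {}

    @staticmethod
    def _hash(code: str, salt: bytes) -> bytes:
        # Store only a salted hash so a leaked table does not reveal live codes.
        return hashlib.sha256(salt + code.encode("ascii")).digest()

    def issue(self, account_id: str) -> str:
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        # Re-issuing replaces the previous code; a new request never extends an old code's life.
        self._pending[account_id] = PendingReset(self._hash(code, salt), salt, self.clock())
        return code  # delivered to the user out of band (notification, SMS, e-mail)

    def verify(self, account_id: str, guess: str) -> bool:
        entry = self._pending.get(account_id)
        if entry is None or entry.burned:
            return False
        if self.clock() - entry.issued_at > self.policy.ttl_seconds:
            entry.burned = True        # expired: burn it so it can never be used later
            return False
        if hmac.compare_digest(self._hash(guess, entry.salt), entry.code_hash):
            del self._pending[account_id]  # single use: a correct code is consumed
            return True
        entry.failed_attempts += 1
        if self.policy.max_attempts is not None and entry.failed_attempts >= self.policy.max_attempts:
            entry.burned = True        # too many wrong guesses: the user must request a fresh code
        return False


def genuine_code_survives(policy: ResetPolicy, wrong_guesses: int) -> bool:
    """Issue a code, submit `wrong_guesses` incorrect entries, then the real one.
    Returns True if the real code is still accepted, i.e. the policy did not lock it out."""
    store = ResetCodeStore(policy)
    account = "victim@example.test"  # constructed sample account
    code = store.issue(account)
    wrong = "000000" if code != "000000" else "000001"   # guaranteed incorrect
    for _ in range(wrong_guesses):
        store.verify(account, wrong)
    return store.verify(account, code)


def guessing_success_bound(policy: ResetPolicy) -> float:
    """Upper bound on the chance that blind guessing hits the code before it is burned."""
    if policy.max_attempts is None:
        return 1.0  # nothing stops a guesser from walking the whole code space
    return policy.max_attempts / 10 ** CODE_DIGITS


if __name__ == "__main__":
    print("weak policy, 1000 wrong guesses, real code still accepted:",
          genuine_code_survives(WEAK_POLICY, 1000))
    print("hardened policy, 5 wrong guesses, real code still accepted:",
          genuine_code_survives(HARDENED_POLICY, 5))
    print("hardened policy, guessing success bound:", guessing_success_bound(HARDENED_POLICY))
```

The per-code attempt cap is what turns a million-candidate space into a real barrier: with five attempts the chance of a blind hit is one in 200,000 per issued code, and the lockout also burns the code that a legitimate user was about to enter, which is the intended trade-off. Per-account and per-source-IP rate limits on the reset request itself belong on top of this, so that repeatedly asking for a new code does not become the next bypass.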

Tags: 0-Click Facebook Account Takeover, Facebook Account Takeover

Information Security News © 2026. All Rights Reserved.