Flaw In Facebook Account Recovery

Facebook Account Recovery Security Flaw

Facebook is the biggest social networking site in the world; no one has ever produced a site like it. It is not only the leading social networking site but also the second-ranked site on Alexa, which means it receives the second-largest amount of traffic after the world-famous search engine Google.

However, even a site like Facebook has flaws. We recently discovered that the account recovery option can be abused to take over accounts. It is even easier than phishing, so you should know how to protect your account.

How the Facebook account recovery flaw is exploited:

No software and no special knowledge is needed. Before anything else, the attacker creates three fake accounts and gets the victim to add them as friends.

This is how the bug works:

  • The URL is Facebook.com/recover.php
  • The attacker enters the username of the account they want to access in the second field:
    (Screenshot: Facebook Recovery Password)

  • They then proceed. Facebook shows the victim's account along with the first, middle and last character of the account's ID. The attacker clicks the option "No longer have access to these", shown under the account's ID:
    (Screenshot: Facebook Recovery Password Flaw)

  • Facebook then asks for a new email address, and the attacker can enter one of their own.
  • The last step is sending a recovery code to trusted friends. Because the victim has already added the three fake accounts, the attacker can have the recovery code sent to those fake accounts.
  • Finally, the attacker logs in to each fake account, collects the code, enters it, and has the victim's account in their hands.

Countermeasures (so that our readers do not fall prey to such attacks):

  1. First of all, do not let anyone get three fake accounts onto your friends list, even if the person is your best friend.
  2. Always keep an eye on your friends list and check which accounts are fake and which are real.
  3. Connect your Facebook profile to your phone number and keep your phone secure, since anyone who gets physical access to your phone can recover your account.