Facebook Account Locker - Chrome Extension + Bug Report
andrey, Friday, August 1, 2014


To understand how the extension works, please watch the videos below:
Locking Your Friend's Facebook Account
Locking Your Friend's Facebook Account2

If we add a friend to many Facebook groups, his account gets locked. Users are not allowed to join many groups at a time, so the friend's account gets locked, but nothing happens to the attacker's account.



Working of the extension:

We are not allowed to join many groups at a time, and if we do, Facebook's banning system locks the account. So if we force someone to join many groups, his account will be locked. I used this logic to code a Chrome extension, which I named "Facebook Account Locker".

The Facebook Account Locker extension forces the friend's account to join many groups, and the friend's account is then locked by Facebook's banning system.



In the videos above, I added my two test accounts to more than 600 Facebook groups in less than 5 seconds. Nothing happened to the attacker's account, but the victim's account was locked and restricted from accessing some Facebook features.

This trick can be used to lock newly created Facebook accounts: it takes just 5 seconds and the account is locked. I have tested this on many victim accounts from the same attacker account; in all cases nothing happened to the attacker account and the victim account got locked. We need to be a member. If we are not a group member, we cannot add anyone to the group. The script uses only one UserID and only one friendID, and adds a single friend to more than 500 groups.

Positive response from Facebook security team:


[Image: response from Facebook security team]

After investigating, the Facebook security team closed the report:



Hi Dinesh,
Thanks for submitting this to us. I've checked with our Site Integrity team and they've confirmed the behavior you're describing.
In order to allow us to deal with spam and abuse effectively, we have a system which lets us define policies and take actions based on them. These actions can include blocking accounts from particular features, sending warning messages to users, etc. These policies are defined to handle particular instances of abuse that we're observing on the site.
In this case, we're detecting when users with fairly new accounts join lots of groups and start posting: that's a signal used to stop spam in our Groups product. Users who hit this policy are enrolled in a checkpoint and limited from posting in groups temporarily. As you describe, it is possible to add a fairly new user who you are friends with to many groups, which means the policy will trigger when they post. While this would be inconvenient for a user, that user always has the ability to complete the checkpoint to regain access to their account. We may make changes to this policy in the future to further refine it and prevent abuse, but we do not feel that the current policy poses a security or privacy risk.
Although this issue does not qualify as a part of our bounty program we appreciate your report. We will follow up with you on any security bugs or with any further questions we may have.
Thanks,
I completely agree with the Facebook Security team. After submitting the report I didn't check whether they have fixed the bug and updated their banning system. I still have the extension, but I don't think it will work anymore.

This time I missed the bounty payout but I hope my next bug report will be eligible for a financial reward and name mention. Thanks for reading!
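The policy described in Facebook's reply counts how many groups a new account ends up in, whoever initiated each join. As an added illustration (not from the original post, and not Facebook's system), the sketch below compares that membership-count rule with one that attributes each join to the account that performed it. The thresholds, field names and sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

WINDOW_S = 60     # assumed sliding window, seconds
MAX_JOINS = 20    # assumed per-window threshold

@dataclass(frozen=True)
class Join:
    ts: int       # seconds from start of the sample
    actor: str    # account that performed the action
    member: str   # account that ended up in the group

def burst(timestamps):
    """Largest number of events inside any WINDOW_S-second sliding window."""
    ts, best, lo = sorted(timestamps), 0, 0
    for hi, t in enumerate(ts):
        while t - ts[lo] > WINDOW_S:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def evaluate(events, new_accounts, posters, attribute_actor):
    """Return (accounts sent to checkpoint, adders queued for review)."""
    joined, added = defaultdict(list), defaultdict(list)
    for e in events:
        if e.actor == e.member or not attribute_actor:
            joined[e.member].append(e.ts)            # counts against the member
        else:
            added[(e.actor, e.member)].append(e.ts)  # counts against the adder
    checkpoint = {m for m, ts in joined.items()
                  if m in new_accounts and m in posters and burst(ts) > MAX_JOINS}
    review = {a for (a, _), ts in added.items() if burst(ts) > MAX_JOINS}
    return checkpoint, review

# Constructed sample: one friend-initiated burst, one self-initiated burst, one normal user.
EVENTS = (
    [Join(i // 120, "acct_adder", "acct_new") for i in range(600)]
    + [Join(i * 2, "acct_spam", "acct_spam") for i in range(30)]
    + [Join(i * 10, "acct_ok", "acct_ok") for i in range(3)]
)
NEW = POSTERS = {"acct_new", "acct_spam", "acct_ok"}

if __name__ == "__main__":
    print("membership-count policy:", evaluate(EVENTS, NEW, POSTERS, False))
    print("actor-attributed policy:", evaluate(EVENTS, NEW, POSTERS, True))
```

With actor attribution, the self-joining account is still checkpointed, while the account that was added by a friend is not and the adder is surfaced for review instead.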

Feel free to read about my other bug reports:
Post on Hidden Facebook Timelines
How To Download Paid Chrome Extensions, Apps and Themes For Free

Update: I tested the extension after reporting the bug and found that it is still working.
You can buy the extension using the button given below. I can't guarantee that the extension will work every time; it depends on the victim's account.

