Hackers get access to someone else’s Facebook account by tricking the social networking giant itself
Hackers fool Facebook users through social engineering and phishing into handing over their login credentials, but what would you do if Facebook itself were fooled into handing access to your account over to a hacker? Shocking, right?
That’s what happened when a hacker deceived Facebook and gained access to someone else’s account. The hacker, posing as a user, reportedly got in touch with Facebook to seek assistance in accessing his account, as he was unable to do so. He provided them with a fake ID and requested that the tech giant turn off login approvals. It was no surprise that the hacker was able to get Facebook to grant access to the account.
The victim in question is Aaron Thompson, a 23-year-old Michigan resident, who woke up on June 27 to find himself locked out of his own Facebook account, with the email address and phone numbers associated with it changed, according to a report by Motherboard. A panicked Thompson checked his email and figured out what had happened: he found a series of emails between Facebook’s customer support and the hacker who had taken control of his account.
“Hi. I don’t have anymore access on my mobile phone number. Kindly turn off code generator and login approval from my account. Thanks,” the hacker, posing as Thompson and pretending to have lost access to the phone linked to the account, told the tech giant. Facebook’s automated response informed the hacker that if he couldn’t get in by using Code Generator (part of Facebook’s two-factor authentication system), the only other way was to send a photo ID to prove this was really Aaron Thompson. The hacker then sent what looks like a scanned photo of a fake passport.
That scanned image was also forwarded to Thompson’s email account with the response: “Thanks for verifying your identity. You should now be able to log into your account. We’ve also turned off login approvals to help prevent you from getting locked out of your account again in the future.”
According to Thompson, none of the details in the passport other than the name were accurate. Apparently, the fake image was nonetheless accepted by Facebook as sufficient proof, giving the hacker complete control over Thompson’s Facebook account.
Upon discovering the scam, Thompson attempted to contact Facebook in an effort to regain control of his account. He informed the tech giant that he was in fact the owner of the account and that the previous emails and the passport ID had not been sent by him but by the imposter.
“Please look further into this, it will be easy to see the account has been hacked. They sent a fake ID to Facebook’s help team to reset the email, and password,” he wrote.
Thompson, who claimed to have several pages on his Facebook account, which he used for business purposes, reportedly felt “pretty devastated” at having his online identity breached in such a way.
“It’s blatant harassment,” he said.
Thompson also claimed that the hacker allegedly contacted a few of his friends and even his fiancée, to whom the hacker sent obscene pictures, calling her names and even asking for nude pictures. Thompson spent almost an entire day trying to get back control of his account and went to Reddit to explain his frustration.
However, the good news is that Facebook has recognized its mistake and gone ahead with securing Thompson’s accounts and pages, and is also working on re-establishing his regular access. A Facebook spokesperson admitted: “Accepting this ID was a mistake that violated our own internal policies and this case is not the norm.”
In the end, this incident only highlights that no matter how many security measures you put on your online accounts, they can be bypassed fairly simply by cybercriminals, creating mayhem for innocent victims.