How a Hacker Got Facebook to Let Him Take Over Someone Else’s Account


A redacted copy of the fake passport the hacker sent to Facebook. Image: MOTHERBOARD
Who needs sophisticated hacking exploits and tricks to break into someone else’s Facebook account when you can just ask to be let in?

By Lorenzo Franceschi-Bicchierai | MOTHERBOARD

On Monday, Aaron Thompson, a 23-year-old from Pontiac, Michigan, noticed that he couldn’t log into his own Facebook account and that the email and phone numbers associated with his account had been changed. That’s when, as he told me, he ”panicked for a bit.”

At that point, he checked his email and figured out what was happening. Sitting in his inbox, there was an email chain between Facebook’s customer support and the hacker who had gotten control of his account.

“Hi. I don’t have anymore access on my mobile phone number. Kindly turn off code generator and login approval from my account. Thanks,” the hacker, posing as Thompson and pretending to have lost access to the phone linked to the account, told Facebook.

Facebook’s automated response informed the hacker that if he couldn’t get in by using Code Generator (part of Facebook’s two-factor authentication system) the only other way was to send a photo ID to prove this was really Aaron Thompson.

read more