Mauritania hackers have claimed to have exploited the vulerability in Facebook which would expose the facebook account details.The exploit hijacks the facebook session and can be used against any user accounts.
How it works?
It uses the facebook token from which you can access to another account or view Data given by your friend , or by an admin of a page or an application.
Facebook `ci_sessions` is the Log sent by “login.facebook.com” to other servers that are used by Facebook Plugins or Modules .
And it has all parameters of the Logins of Accounts used by Most of the Websites and the best thing is that the Hash password is in MD5 (ASCII Text) that mean that it can be decrypted.
Thus giving the parameters that can be easily exploited:-
-
*fb_apiid
-
*fb_apikey
-
*fb_secret (Password of the Account in Hash MD5)
-
*fb_accesstoken
-
*fb_uservisitor
-
*facebook_id
-
*facebook_name
-
*facebook_first_name
-
*facebook_last_name
-
*facebook_link
-
*facebook_username
-
*facebook_hometown (tracer)
-
*facebook_location (tracer)
Any hacker with the above information and a simple script can easily hack any Facebook accounts. The hackers have already posted the data of some the Facebook users using the exploit and can be found with the detail exploit details online.