Security researcher finds Vulnerability in Facebook which could delete any Facebook account but Facebook refuses to pay bounty


UPDATE: The vulnerability Ehraz Ahmed found was FAKE. Facebook told Computerworld:

“This is not a real bug. We’ve audited our code to verify that there’s no variant of the proposed exploit that works against this endpoint or any other that we’ve found. Furthermore, we’ve verified in our logs that the ‘test account’ being used in the demonstration video was manually deactivated by visiting https://www.facebook.com/deactivate.php.”

A security researcher from India named Ehraz Ahmed claims that he found a vulnerability that anyone could use to delete any Facebook account. He sent us an email about his latest bug.

Here is the complete process he used to delete a Facebook account:

Vulnerable Link:

https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=[Victim's Profile ID]&__user=[Attacker's Profile ID]&__a=1

We can get the profile id by using
http://graph.facebook.com/[username]

Here [username] indicates the username of your Facebook profile!

In this demo we will be using a test profile
Name: Rahul Agnikotri
https://www.facebook.com/hexgroup (victim's profile) (this is my test profile)

We can remove any account on Facebook, even if it is that of Mark Zuckerberg or any celebrity

  • Attacker's profile id = 1781913563

  • Victim's profile id = 100001831297334


https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=100001831297334&__user=1781913563&__a=1

He also uploaded a video demonstration of this vulnerability:

Remote Facebook Account Exploit from Ehraz Ahmed on Vimeo.

He also reported it to Facebook, and the issue seems to have been fixed at this time. After he reported this harmful bug to Facebook, they replied to him that “The bug only works for test accounts”, but we also checked the cached version of the account he deleted and found that the account was not a test one. Ahmed (the security researcher) also told us the account he deleted was 2 years old.
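The dispute above turns on whether the endpoint restricts deletion to test accounts. As an added example (not Facebook's code and not part of the original article), here is a hypothetical handler for a request of that shape, showing the three server-side checks that make such a URL harmless against other people's accounts. The host, IDs, token values and data store are constructed, and `fb_dtsg` is treated here as a per-session anti-CSRF token.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

def make_db():
    # Constructed sample state: account IDs, and test-account ID -> creator ID.
    return {"accounts": {"1001", "1002", "9001", "9003"},
            "test_owner": {"9001": "1001", "9003": "1002"}}

def handle_delete_test_users(url, session, db):
    """Hypothetical handler. session = server-side {'user_id', 'csrf_token'}.
    Returns (status, deleted_ids, refused_ids); deletes all targets or none."""
    q = parse_qs(urlsplit(url).query)
    # 1. Anti-CSRF token must equal the one bound to this session.
    token = q.get("fb_dtsg", [""])[0]
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return 403, [], []
    # 2. The actor is the session user; a conflicting __user value is rejected
    #    instead of being trusted.
    actor = session["user_id"]
    if q.get("__user", [actor])[0] != actor:
        return 403, [], []
    # 3. Every target must be a test account created by the actor.
    targets = [v[0] for k, v in sorted(q.items()) if k.startswith("selected_users[")]
    refused = [t for t in targets if db["test_owner"].get(t) != actor]
    if refused or not targets:
        return 403, [], refused
    for t in targets:
        db["accounts"].discard(t)
        db["test_owner"].pop(t, None)
    return 200, targets, []

BASE = "https://example.test/ajax/whitehat/delete_test_users.php?"  # placeholder host
SESSION = {"user_id": "1001", "csrf_token": "tok-1001"}             # constructed

if __name__ == "__main__":
    db = make_db()
    for qs in ("fb_dtsg=tok-1001&selected_users[0]=9001&__user=1001&__a=1",   # own test user
               "fb_dtsg=tok-1001&selected_users[0]=1002&__user=1001&__a=1",   # real account
               "fb_dtsg=tok-1001&selected_users[0]=9003&__user=1002&__a=1"):  # spoofed __user
        print(qs, "->", handle_delete_test_users(BASE + qs, SESSION, db))
```

Only the first request succeeds; the second is refused because the target is not a test account created by the caller, and the third because `__user` does not match the session.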

Last month a researcher from Palestine hacked Mark Zuckerberg’s timeline to report a bug, and he was also one of those who were not rewarded by Facebook, because he violated the terms by hacking Zuckerberg’s timeline.


About Praveen Kashyap

Praveen Kashyap: I have been blogging news related to hacking, hackers, security, tips, tricks and much more since 2011. I also make you aware of the latest online threats; I hope I am doing my best. Meet me on various social platforms.

  • Moncef Morocco

    How can I get this “Attack profile id”, pls?
