How to steal a Facebook account without being a security expert

Aaron Thompson published his misadventure on Reddit


On June 26 last year Aaron Thompson realized that he could no longer access his Facebook account: the email address and the phone numbers associated with the account had been changed.

In his mailbox, Aaron found an exchange of emails between Facebook customer support and the intruder who had taken possession of his account.
To avoid the two-step verification, the intruder told customer service that he had lost his mobile phone.

Customer service replied that he had to prove he was the real Aaron Thompson by sending a scan of an identity document.


The intruder responded by sending this fake document:

Image taken from http://motherboard.vice.com/read/how-a-hacker-got-facebook-to-let-him-take-over-someone-elses-account

None of the information on the document was real, except for the name, but it was enough for Facebook to verify the identity: it disabled all account protections, allowing the intruder to take control.


Thompson regained ownership of his account after publishing his misadventure on Reddit.


Facebook's reply about the incident was:

“Accepting this ID was a mistake that violated our own internal policies and this case is not the norm.”

All is well that ends well!
