A critical vulnerability was recently discovered in Facebook that enables attackers to hack Facebook pages with a single click. With it, an attacker can act as an “Admin” of any Facebook Page by manipulating the “Admin” of the targeted Page through social engineering.
The security researcher Nitin Pandey claims that hacking a Facebook page is relatively easy with social engineering, and he has described the whole procedure in detail, as follows:
- First, browse to “https://business.facebook.com/”.
- Log in with your Facebook account to access the Facebook Business portal.
- Select the “Business settings” option from the More Tools section.
- Add your Page, as shown in the image below, by selecting the “Add” button (in blue), and then select the “Request access to a Facebook Page” option.
- Once that is done, select your primary page to make the request from, and then click the “Next” button.
- Type the name of the page that you want to target and request access to.
- At this point, in the “Admin Access” section, activate the “Manage Page” option and then click the “Request Access” option.
- After the above step, your request goes to the Admin of the targeted Facebook Page.
- Suppose a threat actor creates a Facebook Page named “Facebook Verification,” or gives it any other name that makes the request look authoritative.
- Once the threat actor has created the Facebook Page, the “Page Access Request” reaches the admin of the targeted Page.
- In this case, if the threat actor has designed the fake Facebook Page well, the admin can easily believe that the request has come from an authoritative and trustworthy source.
- Once the Admin “Accepts the request,” the threat actor gets admin access to the targeted page. To demonstrate the scenario, Nitin Pandey, playing the threat actor, used his own pages, “Hackers Day” and “Soft Yug.”
- In the next step, Nitin used Soft Yug to send the “Page Access Request.”
- Once the request is sent and the victim accepts it, “Hackers Day” becomes the “Admin” of the targeted Page.
- That’s it.
As noted above, it is relatively easy to hack Facebook pages with the help of social engineering. After such a takeover, the threat actors can remove the real admin and publish posts on the hijacked Page.
Not only that, but the threat actors can also read or send messages from the hacked account. All of this shows how an attacker can effectively manipulate any Page Admin with a well-prepared “Social Engineering” tactic.
Good social engineering remains the “Most Powerful” technique even today; we have seen how celebrities’ Twitter accounts get hacked.