| Claim | Actual Behavior | |-------|------------------| | “Connects to Facebook API exploit” | No network activity to Facebook.com | | “Bruteforce with 10,000 combinations/sec” | Simply displayed a fake progress bar | | “Returns password in popup” | After 30 seconds, showed “Password not found – retry?” (social engineering to collect victim’s own password via fake prompt) | | | Dropped a keylogger ( winlog.exe ) that emailed typed passwords to attacker. |
: Events took place in cities worldwide, with the best teams winning trips to Facebook’s campus in San Francisco. hackear facebook 2012
The vulnerability was due to a weakness in Facebook's "View Activity Log" feature, which did not properly validate user input. This allowed an attacker to inject malicious code and access the activity logs of other users. | Claim | Actual Behavior | |-------|------------------| |
While Facebook celebrated "hacking" as a creative tool, it also faced serious unauthorized intrusions: This allowed an attacker to inject malicious code