To mr mark zuckerberg and his group,i pretty well know that ain't supposed to send this to your inbox but please make sure that you do some updates in the facebook database and am abit scared for all ugandans using facebook may unknowingly be under spys......This contains parts of the message i sent to mark zuckerberg on facebook and email i sent to hackerone!
Facebook vulnerabilities
I have heard that you are about to have a new development in the incorporation of both instagram,messenger and whatsapp in a sort of intergrated messaging procedure but before you do this i wanna alert you on and of some holes in your social media platforms..these holes may be carried on and it may end up affecting all the applications.
One is the authentication and verification of a phone number associated with a given account on some of the social media accounts e.g especially those created using an email account only as . . a login id ,these accounts are usually compelled to add a phone number which must be verified but on such accounts one can temporary use a phone number without verification for a couple of weeks or more month because on the three facebook accounts iam testing iam and gave been able to use one phone number to login to three different facebook profile accounts;where one is originally verified and associated with a different account while the two others are temporarily using it,a phone number verified to be a login id of another different facebook account can be added and used as a phone number on another account meaning that one phone number can be used to log in to more than two different accounts.On 11/2/2019 i finally came to prove that even one same phone number can be verified and confirmed on more than two differrent facebook accounts.i will explain later about how it is done on my next research am doing on gmail accounts.its annoying that when i sent this email to hackerone,the issue of phone numbers sending reset codes was electified by facebook and i do not understand why they have kept a deaf ear on this issue of one number getting associated with more than two accounts.in my research i also discovered that someone can use ones phone as a login number to a given facebook account without the consent of the owner of that phone number!!!!I think this sounds crazy but its reality..this is possible on some browsers and Facebook pplication on some chinese made phones especially those running on spreadtrum micro chips,the most common browser which is a culprit to this is the NOKIAJAVA ME running on small Techno and airtel phones......plus most techno and airtel smartphones with other browsers are also prone to this however it should be noted that the opera mini browser doesnt allow a such for when i tested it on all the chinese phonebe it techno ,airtel and others it always showed that a phone number is associated with a facebook thus i concluded that on opera mini its had to add a phone associated with another account to act as a login number to another different account,i again noted that;an email associated with another facebook account cannot be used as a second login number to another account unlike phone numbers.now what worries is and what am asking myself is why has facebook managed to make sure that an email that is verified with another account cqnnot be used on another account,why can't they do it on phone numbers.Again,why does a phone number has to be kept pending for more than a year?one can add such a number and he/she doesn't verify it yet it still can be used as a login id for that account,this means that there is a problem with facebook's database.however i have come to prove that this phenomenon is mainly common on browser that are inbuilt on chinese phones or on facebook applications inbuilt on chinese made phones...!!!!thus am compelling the facebook development team to revise their database and make sure that one single phone number must be used " only and only" on one facebook account.
Which official phone numbers from facebook are allowed to send password reset messages to us?
I think many may be not aware that some phone numbers which aren't official facebook's number do send reset codes to our phone numbers associated qith our facebook accounts.they end up even sending facebook links for reseting our passwords which are phish.in some countries where telecommunication companies aren't indipendent, i think government security bodies can force them to surrender facebook users' numbers and some times can divert messages to their numbers so as to interfere with their works on facebook.i have also a belief that these governments have used the ss7 exploit to divert messages to phone numbers of facebook accounts that they think is a threat to them.i have had many scenarios where certain phone numbers from some african country owned by security agencies have been sending password reset messages and reset links whenever one tries to reset his or her account password!! Its really shocking how local number can send one a message if he or she tries to reset his or her password.this messaging from localphone numbers also does occur on Instagram.why does facebook send a message via another number not their own official number?are there local phone numbers that are suppossed to send such messages?if facebook is aware of this or not,then facebook must know that it is very dangerous to someones security and privacy more especially here in africa where governments try all means to interfere into people's privacy...what Facebook and instagram must do is to make sure that phone numbers registered with profile accounts are the ones which must recieve reset messages and such messages from their web database must not pass via any diverted number.i think facebook has much changes to do and implement on its database.
The biggest and graveous threat here is that"as we all know that a reset code sent has some designed time until when it becomes invalid if its not used" but what i have discovered is that such phone numbers that pretentiously send these codes on behalf of facebook even resend a reset code that was earlier sent even after 12hours or more and this reset code can be used to change a password of the facebook account!!! I know its hard to believe this but what am sure of is that such numbers especially here in Uganda have deliberately been established by some authorities(and like in USA where telecom operators and employees were known to be conniving with fraudulent thugs in simcard swapping to steal peoples cash,i can again not exonerate employees of these Ugandan telecom companies.its real absurd that such numbered maybe not registered in names of the real people behind these crimes) to crack down people whom they think aren't good to them or are against their government and i cannot rule out some foreigners carrying out some espionage against uganda.this puts some many of us at a risk and am sure that for almost 18 months Ugandans using mobile phone simcards to access facebook,instagram,twitter,whatsapp were in some way being monitored and am again sure that all Ugandans using ugandan phone numbers to access social media are under this threat!!!i know some of you will look at this as a simple matter but imagine someone having the ability to intercept the actvities on your phone and simcard,i mean messaging, calling,video chatting ......etc! This pretentious sending of security reset codes can affect all apps that do not have end to en encryption.... And am sure that facebook,instagram,twitter are under thus threat.
Some of the examples of these numbers that send these reset codes are +256771952364,+256773120478,+256772423645............and many others
as you can see the phone number 0778364517 is conformed on an account i had created... But i later deleted it!! But that number was already confirmed on another account
No comments:
Post a Comment