tomorrow's connected future is here today

Facebook Security

Facebook Let 14 year old Kid Use my Email Address for Authorization Multiple Times

 

Subtitle: Facebook, your security still sucks.

 

So last night I get this email:

Untitled-1

Who the hell is Billy Bowman? And why is he using my email address? And in rapid succession I receive:

 

 

Untitled-2

 

Untitled-3

So I say WTF? And *I* am able to login to this account “with my Hotmail credentials” and change the password on this account. I see that Billy is in a chat telling some girl he is 14 years old. (I concurrently change my hotmail password just in case, but this kid is NOT accessing my email).

 

Untitled-4

Then I deactivate the account because I can’t switch the email address.

Untitled-5

 

So even though I’ve changed the password on the account in question, Billy is able to reactivate it.

 

 

Untitled-6

So now, I login to the Billy account and change the primary email address to the other address the kid has listed. I remove my email address from the Billy account.

Untitled-7

So FB sends me a message…

Untitled-8

 

And Billy tries to add it back

 

Untitled-9

So I log in to the Billy account to insure the address is gone and log into my own account and quickly add that email address to my own Facebook account. And Facebook warns Billy that someone may have accessed his account and sends ME the email notification.

Untitled-10

So Billy tries to change the password on his account. I’m ignoring these requests.

Untitled-11

Read this blog with my Windows 8 App

Get the App

Categories
Tags
Archives