Hacking Facebook 2012: The Era of Social Engineering and "Magic" Scripts
- Non-default HTTPS: Until mid-2011, HTTPS was optional. Even when enabled, session cookies were often sent insecurely.
- Weak session management: Session cookies (c_user, xs) remained valid for up to 90 days without re-authentication.
- No universal 2FA: “Login Approvals” (SMS-based 2FA) existed but was not mandatory or widely adopted.
- Basic email recovery: Password reset often relied on easily guessable security questions (e.g., “Your mother’s maiden name”).
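A defender-side check for the cookie weaknesses listed above, as an added example that is not from the original page: it audits `Set-Cookie` headers for a missing `Secure` flag and an overlong lifetime. The header values, the `HttpOnly` check and the 24-hour policy threshold are assumptions constructed for illustration.

```python
MAX_LIFETIME_S = 24 * 3600  # assumed policy: force re-authentication daily


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header, max_lifetime_s=MAX_LIFETIME_S):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    # Only Max-Age is checked here; Expires would need a reference clock.
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > max_lifetime_s:
        findings.append(f"lifetime {int(max_age) // 86400} days exceeds policy")
    return name, findings


# Constructed sample headers (not captured traffic). 7776000 s = 90 days.
SAMPLE_HEADERS = [
    "c_user=100000000000001; Max-Age=7776000; Path=/; Domain=.example.test",
    "xs=constructed-token; Max-Age=7776000; Path=/; HttpOnly",
    "sid=constructed-token; Max-Age=3600; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(name, "OK" if not findings else findings)
```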
Phishing (The Fake Login):
This was the king of 2012 hacks. Users would receive an email or message claiming their account was compromised. The link led to a pixel-perfect replica of the Facebook login page. Once the victim entered their credentials, the data was sent directly to the attacker.