Free Tool Allows Hackers to Hijack Accounts Using Facebook Login

Last week, a security firm researcher released a free tool that allows hackers to access accounts on sites that use Facebook Login. The researcher, Egor Homakov, first wrote about the flaw he’d found in the login in January 2014. However, Facebook said they would not fix the issue because it would have disrupted the login feature’s compatibility with many websites. Now Homakov has taken it upon himself to teach Facebook a lesson and release a tool called Reconnect that takes advantage of the loophole.

“Facebook refused to fix this issue one year ago, unfortunately it’s time to take it to the next level and give blackhats this simple tool,” he wrote in a blog post.

Reconnect works by generating malicious URLs that, when clicked, log users out of their own Facebook accounts and into accounts set up by hackers. That then gives the attackers control over the victim’s account. The tool can generate fake links for sites including Mashable, Vimeo, Bit.ly, Stumbleupon and more. For its part, Facebook has said that it is aware of the flaws Homakov is taking advantage of, and if sites that use the Login feature take the proper steps to protect themselves they should not have any issues.
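The article does not say which steps Facebook has in mind. As an added illustration (not code from Facebook, Homakov, or any site named here), the sketch below assumes the usual protection for OAuth-style login callbacks: a single-use, session-bound `state` value, so a login or connect flow the user's own session did not start is refused. The session dicts, function names and TTL are hypothetical.

```python
import hmac
import secrets
import time
from typing import Optional

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending login attempt


def begin_login(session: dict, now: Optional[float] = None) -> str:
    """Start a login/connect flow; the return value is sent as the `state` parameter."""
    state = secrets.token_urlsafe(32)
    session["pending_state"] = (state, time.time() if now is None else now)
    return state


def verify_callback(session: dict, state: Optional[str],
                    now: Optional[float] = None) -> bool:
    """Accept the provider's callback only if this same session started the flow."""
    pending = session.pop("pending_state", None)  # single use, cleared even on failure
    if pending is None or not state:
        return False
    expected, issued_at = pending
    current = time.time() if now is None else now
    if current - issued_at > STATE_TTL_SECONDS:
        return False
    # Compare as bytes: compare_digest raises on non-ASCII str input.
    return hmac.compare_digest(state.encode(), expected.encode())


def demo() -> dict:
    """Constructed scenario: one legitimate login and three callbacks that must fail."""
    victim, other = {}, {}
    results = {}
    s = begin_login(victim, now=0)
    results["legitimate"] = verify_callback(victim, s, now=30)
    results["replayed"] = verify_callback(victim, s, now=31)
    # A flow started in someone else's session arrives in the victim's browser.
    foreign = begin_login(other, now=0)
    results["foreign_state"] = verify_callback(victim, foreign, now=30)
    results["expired"] = verify_callback(victim, begin_login(victim, now=0), now=601)
    return results


if __name__ == "__main__":
    print(demo())
```

The same check belongs on any endpoint that links a Facebook identity to an existing local account, not only on first-time sign-in.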

Readers: what do you think of Homakov giving this tool away to hackers who could take advantage of everyday Facebook users? Do you think that’s the right way to get Facebook’s attention?


