Samip Aryal, a cybersecurity researcher and an ethical hacker from Nepal, bypassed the system’s rate-limiting feature and subsequently checked possible combinations of 6-digit numbers (from 000000 to 999999) for two hours. Samip Aryal, a Nepali bug bounty hunter, discovered a zero-click flaw in Facebook’s password reset system, potentially allowing hackers to compromise any targeted account.
Source: HackRead