4 852
Subscribers
-224 hours
-127 days
+4730 days
Posts Archive
4 852
Regarding the recent password reset outage that happened a while ago...
About a month ago, I discovered a Critical Zero-Day vulnerability in Meta's GraphQL. The exploit allowed for zero-interaction Account Takeovers (ATO) under specific conditions, enabling mass account hijacking without any victim interaction. I managed to pull a few OG handles with it, and this exploit was the exact reason Meta was forced to temporarily shut down their reset endpoints for hours to rapidly patch the vulnerable routing paths.
The bug has been officially reported, triaged, and fixed.
@sscoot
