Status Update takeover
Since my name is Paulos Yibelo (pXy) and 251 (my country code) wiggly (a random English dictionary word), and I have changed it to a custom one, don't try it. :P But no, the *predictability* of the email isn't what I am trying to talk about.
import random
import string

# values only contain small letters and numbers
letters = string.ascii_lowercase + string.digits

def generateWord():
    letter = ''
    for i in range(12):  # all possible values are 12 in length
        letter += random.choice(letters)
    return letter

# add all possible values to list
file = open("wordList.txt", "a")
counter = 1
generated = generateWord() + "@m.facebook.com"
file.write(generated + "\n")
print(counter, "words generated so far")
file.close()
Account ID Takeover
So the flaw here is to override the ID by creating a username that matches the ID of an upcoming or already existing account that has no username. For example, if there is a guy with the ID 009834234 (not real), he can access his account via.
But if we create a username equal to that ID from facebook.com/username, then people who navigate to his profile ID will get our account, whose username is his ID.
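A minimal model of the collision described above, added here as an illustration and not taken from the original post or from Facebook's code. The `Directory` class, its methods and the username-first lookup order are assumptions, and the second account is constructed; it shows the same request resolved under the weak rule and after usernames that parse as an ID are rejected.

```python
import re

# Anything made only of ASCII digits is treated as belonging to the id namespace.
NUMERIC = re.compile(r"[0-9]+")

class Directory:
    """Hypothetical profile directory: ids and usernames share one URL path."""

    def __init__(self, reject_numeric_usernames):
        self.accounts = {}    # numeric id (str) -> display name
        self.usernames = {}   # username -> numeric id
        self.reject_numeric = reject_numeric_usernames

    def add_account(self, account_id, name):
        self.accounts[account_id] = name

    def claim_username(self, account_id, username):
        username = username.lower()
        if account_id not in self.accounts or username in self.usernames:
            return False
        # Hardened rule: a username must never be parseable as an account id,
        # whether or not that id has been allocated yet ("upcoming" ids too).
        if self.reject_numeric and NUMERIC.fullmatch(username):
            return False
        self.usernames[username] = account_id
        return True

    def resolve(self, path):
        """Return the display name of the profile served for /<path>."""
        path = path.lower()
        if self.reject_numeric and NUMERIC.fullmatch(path):
            return self.accounts.get(path)   # numeric paths only hit the id table
        # Weak order (assumed): usernames are consulted first, so a username
        # equal to someone's id shadows that id.
        if path in self.usernames:
            return self.accounts[self.usernames[path]]
        return self.accounts.get(path)

def demo(reject_numeric_usernames):
    d = Directory(reject_numeric_usernames)
    d.add_account("009834234", "victim")   # id quoted in the post ("not real")
    d.add_account("100000001", "other")    # constructed second account
    claimed = d.claim_username("100000001", "009834234")
    return claimed, d.resolve("009834234")

if __name__ == "__main__":
    print("weak:    ", demo(False))
    print("hardened:", demo(True))
```

Rejecting the claim at registration matters more than the lookup order: it also covers IDs that have not been assigned yet.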