Short Password Reset Code Vulnerability Allows Hackers To Brute Force Many Websites

Aug. 20, 2013

The hacker used a Firefox browser equipped with the Fireforce add-on, a very simple Firefox extension designed to perform brute-force attacks on GET and POST forms.

The technique he proposes targets the insecure password reset process used by many websites, in which the web application sends a code to the user's mobile phone or email address to verify their identity. Around 40% of websites use password reset codes made up of digits only and of some fixed length, typically fewer than 5 digits.

This information gives attackers an advantage when cracking the code: the first step is to request a password reset code, and then to attack the password reset code page with the Fireforce add-on.
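As an added example, not code from the original article or from the Fireforce project: a Python sketch of the server-side controls that make the brute-force run described above infeasible (codes drawn from a CSPRNG, a cap on wrong guesses, an expiry, single use), plus a helper that quantifies why a fixed-length numeric code of fewer than 5 digits is exhausted by a few thousand guesses. The class and function names are assumptions of this example.

```python
import hmac
import secrets
import string
import time

DIGITS = string.digits
ALNUM = string.ascii_letters + string.digits


class ResetCodeStore:
    """Issues and verifies one-time password reset codes.

    Hardening against the brute-force attack discussed above:
    - codes come from the CSPRNG (secrets), not a predictable counter
    - a code expires after `ttl_seconds`
    - a code is invalidated after `max_attempts` wrong guesses
    - a code is single-use: it is deleted as soon as it verifies
    """

    def __init__(self, length=8, alphabet=ALNUM, ttl_seconds=600,
                 max_attempts=5, clock=time.time):
        self.length = length
        self.alphabet = alphabet
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock  # injectable for testing expiry
        self._codes = {}  # user -> [code, issued_at, attempts_left]

    def issue(self, user):
        code = "".join(secrets.choice(self.alphabet) for _ in range(self.length))
        self._codes[user] = [code, self.clock(), self.max_attempts]
        return code

    def verify(self, user, guess):
        entry = self._codes.get(user)
        if entry is None:
            return False
        code, issued_at, attempts_left = entry
        if self.clock() - issued_at > self.ttl or attempts_left <= 0:
            del self._codes[user]
            return False
        entry[2] -= 1
        # constant-time comparison so timing does not leak matching prefixes
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._codes[user]  # single use
            return True
        if entry[2] == 0:
            del self._codes[user]  # too many wrong guesses: force a new reset
        return False


def guess_success_probability(length, alphabet_size, attempts):
    """Chance an attacker guesses a uniformly random code within `attempts` tries."""
    keyspace = alphabet_size ** length
    return min(attempts, keyspace) / keyspace
```

With a 4-digit numeric code and no attempt cap, 10,000 guesses are certain to succeed; with the cap above, an attacker gets at most `max_attempts` guesses per issued code.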