Hackers are hijacking Mobile recharge and Free SMS service related websites. Hackers target unsecure password reset process used by many websites. Around 40% websites adopts password reset code composed of numbers and of some fixed length, typically having a length less than 5 digits. The hacker used a Firefox Browser equipped with the Fireforce add-on, a very simple a Firefox extension designed to perform brute force attacks on GET and POST forms. After a successfully hack it is possible to reset the password of the victim, the brute force attack is not so complicated.
Source: https://thehackernews.com/2013/08/short-password-reset-code-vulnerability.html