The security company Imperva He discovered a bug in May that allowed websites to have access στα δεδομένα χρηστών του Facebook αλλά και στις προσωπικές information of their friends.
The bug allowed websites to access users' preferences and interests via a query on Facebook's Graph search. Fortunately, the problem has already been fixed by the larger social network.
Impera researcher Ron Masas discovered in May that Facebook allowed cross-site request forgery attacks (CSRF). This means that another site could access Facebook user data by queries in the code.
In order to take advantage of the error of a website, we would have to use an iframe that displayed facebook within its pages.
So if a user who was logged in to Facebook was visiting the malicious code page, the script would start collecting data by sending queries to the social network via Graph search: "Does the user have friends?" or "Does he have friends in Canada?"
You can see an example in the video below.
Investigator Ron Masas of Imperva also said the attack allowed access to users' data even if the information was only visible to friends.
One millionfaceHowever, Facebook's CEO told TechCrunch that there was no data loss. Let's mention that the company Imperva won $8.000 for two separate bugs that it announced on Facebook.
The story comes to remind us that there is no internet security. Once your data is stored on the internet, it stops being yours and becomes shared with the first hacker to break the system.
______________
- VisBug from Google, new practical dev tool
- Facebook presents the Lasso application
- DTP Facebook Google Microsoftc Twitter: data portability project
- App in Facebook did you try last?
- Facebook sued for post traumatic stress disorder