Facebook patches vulnerability that could have exposed user data
Social media site denies bug was exploited
A cybersecurity company revealed Monday details surrounding a vulnerability that could have exposed data on Facebook users.
The bug, connected to Facebook’s Search system, was patched by the social media site in May after being reported by Ron Masas, a security researcher with Imperva.
Masas discovered that the search feature was vulnerable to cross-site request forgery attacks, which could allow a malicious website to gather data on a Facebook user while they’re logged in.
“This allowed information to cross over domains—essentially meaning that if a user visits a particular website, an attacker can open Facebook and can collect information about the user and their friends,” Masas said, according to Brinkwire.
While testing the attack, Masas was able to determine specific data on users and their friends regardless of their privacy settings.
Information obtained included, among other things, whether a user had taken a photograph in a certain location or had friends of a certain religion.
“Similar queries can be composed to extract data about the user’s friends,” Masas said. “For example, by searching ‘my friends who like Imperva’ I can check if the current user has any friends who like the Imperva Facebook page.”
Masas added that the vulnerability was especially dangerous for mobile phone users, who may not even notice a new browser tab opening when the attack takes place.
In a statement to The Verge, Facebook stated that such an attack would affect other websites as well, not just its own.
“As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications,” Facebook said.
The social media company also denied seeing any evidence that the vulnerability was exploited prior to Masas’ discovery.
News of the bug comes amid increased scrutiny of Facebook following a string of data privacy scandals.
Facebook was recently fined $641,000 by a British watchdog over its involvement in the Cambridge Analytica scandal, which saw data on as many as 87 million Facebook users handed over to third parties.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.