Facebook flaw allowed websites to steal users' personal data without consent

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Student researchers Rui Wang and Zhou Li found a vulnerability which allowed malicious websites to access a Facebook user's private data without permission.According to Ru them, it was possible for any website to impersonate other sites which had been authorised to access users' data such as name, gender and date of birth.

Furthermore, the researchers found a way to publish content on the visiting users' Facebook walls (under the guise of legitimate websites) - a potential way to spread malware and phishing attacks

Here's a YouTube video by Rui and Zhou where the vulnerability is demonstrated. (Note: there's no sound on the video.)



The good news is that the students practiced responsible disclosure, and informed Facebook's security team about the flaw rather than releasing details of how to exploit users' profiles to all and sundry.

Facebook Security responded promptly, and should be applauded for fixing the vulnerability rapidly once they were informed about it.

Source
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top