Reportedly, Facebook has fixed the bug that allowed prying eyes to obtain information from a user’s profile – without their knowledge.
Ron Masas, a security researcher at Imperva, found the glitch in Facebook's search results and claimed that they were not properly protected from cross-site request forgery attacks. In non-technical terms, this means that a website open in one browser tab could extract information from your logged-in Facebook profile in another tab.
Masas also claimed that malicious websites could easily acquire information by using an IFRAME, an HTML element that lets one web page be nested inside another. According to him, a harmful website could open several search queries in a new tab and prompt each to give a "yes" or "no" response. For example, it could ask whether the Facebook user likes a certain page or what their personal demographics are.
Imperva disclosed the bug to the company in May and claimed that all Facebook profiles were vulnerable regardless of their individual privacy settings. In response, Facebook fixed the issue by adding CSRF protection and paid out $8,000 in two separate bug bounties.
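To make the fix concrete, here is an added example (not Facebook's or Imperva's code) of how a search endpoint can be hardened against the kind of cross-site, iframe-driven probing described above: a per-session CSRF token is required, cross-site fetches are refused, and every response refuses framing. The session store, profile data and handler are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data standing in for a user's private profile/likes.
PROFILE_LIKES = {"alice": {"Imperva", "TechCrunch"}}
SESSIONS = {}  # session_id -> (user, csrf_token); in-memory store for the example

# Headers every search response carries so the result page cannot be
# framed by another origin or served from a shared cache.
HARDENED_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "Cache-Control": "no-store",
    "Vary": "Cookie",
}

def new_session(user):
    """Create a session for `user`; return (session_id, csrf_token, Set-Cookie value)."""
    sid = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = (user, token)
    # SameSite=Strict keeps the session cookie off requests a third-party page triggers.
    cookie = f"sid={sid}; Secure; HttpOnly; SameSite=Strict"
    return sid, token, cookie

def handle_search(session_id, query, csrf_token, sec_fetch_site="same-origin"):
    """Hypothetical search endpoint. Returns (status, headers, body).

    The query is answered only when the request carries the CSRF token bound
    to the session and the browser reports it as same-origin. Every failure
    returns the same 403 with no result data, so a cross-site page cannot
    turn the response into a yes/no oracle about the logged-in user.
    """
    denied = (403, HARDENED_HEADERS, {"error": "forbidden"})
    session = SESSIONS.get(session_id)
    if session is None:
        return denied
    user, expected = session
    # Constant-time comparison so token checking itself leaks nothing.
    if not hmac.compare_digest(expected, csrf_token or ""):
        return denied
    # Sec-Fetch-Site is set by modern browsers; "none" is a user-typed navigation.
    if sec_fetch_site not in ("same-origin", "none"):
        return denied
    hits = sorted(p for p in PROFILE_LIKES.get(user, ()) if query.lower() in p.lower())
    return 200, HARDENED_HEADERS, {"results": hits}
```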
The leading social media company also told TechCrunch that no abuse has yet been reported to it. However, a Facebook spokesperson did acknowledge the Imperva researcher's efforts in reporting the issue promptly.
Featured image: Bloomberg / Getty Images