• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

TechEngage®

Connecting mankind with technology

  • News
  • Reviews
  • Cryptocurrency
  • How-to
  • Roundups
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Culture
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
  • Tools
TechEngage » News » Security

Facebook users' information becomes vulnerable, AGAIN!

Areen Zahra Follow Areen Zahra on Twitter November 15, 2018

facebook user privacy
FacebookTweetPinLinkedInPrintEmail

This year did not go well for Facebook, keeping in mind all the security breaches and profile hack scandals the company went through. Late in May 2018, a security firm, Imperva, found a bug that allowed other websites to access information from Facebook. This was possible only through logged in Facebook accounts. With a sigh of relief, that bug has been fixed!
Initially, in May 2018, Imperva highlighted a vulnerability in chrome that can allow other bad actors to steal private information about Facebook users and their friends. The firm further dug in to find out if there were more bugs or loopholes that could result in data robbery.
Ron Masas, the person working on the bug’s research, found out that Facebook was prone to cross-site request forgery. This made it clear that information from logged in Facebook accounts was accessible to data hackers through queries in the code.
Masas, while researching the Chrome piece,  found out that Facebook’s online search result contains an iframe element which was used for some internal tracking purpose. These made Facebook prone to malicious sites as they could easily get an to access Facebook’s data.

If a Facebook user opens up a malicious site, the site forces them to perform a search that can end up giving some good amount of insight into the user’s preferences. Following the same technique, hackers can also learn or extract data about a user’s friend.

Queries can be used to search if a user has a friend from a specific area or a friend with a specific name. Also, one can know about locations visited by a user or if the user has clicked photos in a certain location or a country. Hackers can also put up queries that can return results that tell whether a user wrote a post with a specific word in it or not. It is also possible to know about a person’s religion through these queries. Watch the video to know how!

A Facebook spokesperson told TechCrunch that this vulnerability had not resulted in a data loss yet and that Facebook awarded Imperva with two separate bug bounty rewards of worth $8,000.

We appreciate this researcher’s report to our bug bounty program. As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications

We hope that Facebook conducts a strong analysis to reconsider its security measures. Stay tuned to learn more!

Filed Under: Security, Social Networks Tagged With: Facebook, User privacy

Related Stories

  • Google Authenticator finally gets most awaited cloud sync feature

    Google Authenticator finally gets most awaited cloud sync feature

  • Instagram update brings dark mode on iOS 13 and Android 10

    Instagram update brings dark mode on iOS 13 and Android 10

  • Hackers can use a WhatsApp video call to hack your phone

    Hackers can use a WhatsApp video call to hack your phone

FacebookTweetPinLinkedInPrintEmail

About Areen Zahra

IT professional and a passionate writer who enjoys putting my love of technology into words for a general audience.

Reader Interactions

Share Your Thoughts Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or published anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more visit the contributors page.
TextSheet Alternative

6 Top Alternatives to Textsheet for 2025

Muhammad Zeshan Sarwar October 5, 2024

battery draining apps

Top 10 battery draining apps to avoid 2025

Muhammad Abdullah October 5, 2024

Recent Stories

  • 6 Top Alternatives to Textsheet for 2025
  • Top 10 battery draining apps to avoid 2025
  • The Benefits of Having a Small Air Compressor for Flat Tires
  • 4 Best Free VPNs for 2025
  • 9 Best Calendar Apps in 2025

Footer

Discover

  • About us
  • Newsroom
  • Staff
  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Brand Kit
  • Contact us

Legal pages

  • Reviews Guarantee
  • Community Guidelines
  • Corrections Policy and Practice
  • Cookies Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Must reads

  • Best AirPods alternatives on Amazon
  • Best PC monitors for gaming on Amazon
  • Best family board games
  • Best video doorbells without subscription
  • Best handheld video game consoles
  • Best all-season tires for snow
  • Best mobile Wi-Fi hotspots
  • Best treadmills on Amazon

Download our apps

TechEngage app coming soon on App Store

© 2024 TechEngage®. All Rights Reserved. TechEngage® is a project of TechAbout LLC.

TechEngage® is a registered trademark in the United States under Trademark Number 6823709 and in the United Kingdom under Trademark Number UK00003417167. It is also ISSN protected under ISSN 2690-3776 and has OCLC Number 1139335774.

  • Terms & Conditions
  • Privacy Policy