This year did not go well for Facebook, keeping in mind all the security breaches and profile hack scandals the company went through. Late in May 2018, a security firm, Imperva, found a bug that allowed other websites to access information from Facebook. This was possible only through logged in Facebook accounts. With a sigh of relief, that bug has been fixed!
Initially, in May 2018, Imperva highlighted a vulnerability in chrome that can allow other bad actors to steal private information about Facebook users and their friends. The firm further dug in to find out if there were more bugs or loopholes that could result in data robbery.
Ron Masas, the person working on the bug’s research, found out that Facebook was prone to cross-site request forgery. This made it clear that information from logged in Facebook accounts was accessible to data hackers through queries in the code.
Masas, while researching the Chrome piece, found out that Facebook’s online search result contains an iframe element which was used for some internal tracking purpose. These made Facebook prone to malicious sites as they could easily get an to access Facebook’s data.
If a Facebook user opens up a malicious site, the site forces them to perform a search that can end up giving some good amount of insight into the user’s preferences. Following the same technique, hackers can also learn or extract data about a user’s friend.
Queries can be used to search if a user has a friend from a specific area or a friend with a specific name. Also, one can know about locations visited by a user or if the user has clicked photos in a certain location or a country. Hackers can also put up queries that can return results that tell whether a user wrote a post with a specific word in it or not. It is also possible to know about a person’s religion through these queries. Watch the video to know how!
A Facebook spokesperson told TechCrunch that this vulnerability had not resulted in a data loss yet and that Facebook awarded Imperva with two separate bug bounty rewards of worth $8,000.
We appreciate this researcher’s report to our bug bounty program. As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications
We hope that Facebook conducts a strong analysis to reconsider its security measures. Stay tuned to learn more!