• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
TechEngage®

TechEngage®

Technology news and opinions

  • Tech News
  • Reviews
  • How-to
  • Roundups
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Culture
    • Blockchain
      • Cryptocurrency
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
TechEngage » News » Security

Facebook users' information becomes vulnerable, AGAIN!

Avatar Of Areen Zahra Areen Zahra November 15, 2018

facebook user privacy

This year did not go well for Facebook, keeping in mind all the security breaches and profile hack scandals the company went through. Late in May 2018, a security firm, Imperva, found a bug that allowed other websites to access information from Facebook. This was possible only through logged in Facebook accounts. With a sigh of relief, that bug has been fixed!
Initially, in May 2018, Imperva highlighted a vulnerability in chrome that can allow other bad actors to steal private information about Facebook users and their friends. The firm further dug in to find out if there were more bugs or loopholes that could result in data robbery.
Ron Masas, the person working on the bug’s research, found out that Facebook was prone to cross-site request forgery. This made it clear that information from logged in Facebook accounts was accessible to data hackers through queries in the code.
Masas, while researching the Chrome piece,  found out that Facebook’s online search result contains an iframe element which was used for some internal tracking purpose. These made Facebook prone to malicious sites as they could easily get an to access Facebook’s data.

If a Facebook user opens up a malicious site, the site forces them to perform a search that can end up giving some good amount of insight into the user’s preferences. Following the same technique, hackers can also learn or extract data about a user’s friend.

Queries can be used to search if a user has a friend from a specific area or a friend with a specific name. Also, one can know about locations visited by a user or if the user has clicked photos in a certain location or a country. Hackers can also put up queries that can return results that tell whether a user wrote a post with a specific word in it or not. It is also possible to know about a person’s religion through these queries. Watch the video to know how!

A Facebook spokesperson told TechCrunch that this vulnerability had not resulted in a data loss yet and that Facebook awarded Imperva with two separate bug bounty rewards of worth $8,000.

We appreciate this researcher’s report to our bug bounty program. As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications

We hope that Facebook conducts a strong analysis to reconsider its security measures. Stay tuned to learn more!

Related Tags: Facebook User privacy

Related Stories

  • Jeff Bezos Is All Cool To Take Jedi Contract Of $10B

    Jeff Bezos is all cool to take JEDI contract of $10B

  • Facebook And Human Rights Impact In Myanmar

    Facebook and Human Rights Impact in Myanmar

  • Petey Vid: A Privacy-Focused Video Search Engine Has Been Launched

    Petey Vid: A privacy-focused video search engine has been launched

Avatar Of Areen Zahra

Areen Zahra

Former Technology Writer

IT professional and a passionate writer who enjoys putting my love of technology into words for a general audience.

Reader Interactions

Share Your Thoughts Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or publish anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more click here.
TechEngage-Apple-News
TechEngage-Google-News

5 Top Gaming Laptops in 2023

The best messaging apps of this year

10 Best Messenger Apps in 2023

Recent Stories

  • 6 best treadmills on Amazon in 2023
  • Samsung unveils Galaxy S23 series with “made for Galaxy” Snapdragon processor
  • Netflix crackdown nears as streaming giant tightens password sharing rules
  • Best ad blockers for desktop in 2023
  • Top Slack Alternatives in 2023

Footer

Discover

  • About us
  • Newsroom
  • Staff
  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Brand Kit
  • Contact us

Legal pages

  • Reviews Guarantee
  • Community Guidelines
  • Corrections Policy and Practice
  • Cookies Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Must reads

  • Best AirPods alternatives on Amazon
  • Best PC monitors for gaming on Amazon
  • Best family board games
  • Best Graphics Cards (GPUs) for gaming
  • Best video doorbells without subscription
  • Best handheld video game consoles
  • Best all-season tires for snow
  • Best mobile Wi-Fi hotspots
  • Best treadmills on Amazon
  • Best AM radios for long-distance reception

Download our apps

TechEngage-app-google-play-store

Copyright © 2023 · All Rights Reserved · TechEngage® is a Project of TechAbout LLC.
TechEngage® is a registered trademark in United Kingdom under Trademark Number UK00003417167 and is ISSN protected under the ISSN 2690-3776 and OCLC Number 1139335774.

Go to mobile version