• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
TechEngage

TechEngage

Technology news and opinions

  • Tech News
  • Reviews
  • How-to
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Roundups
    • Culture
    • Blockchain
      • Cryptocurrency
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
  • Login
Security, Social Media Networks

Facebook users' information becomes vulnerable, AGAIN!

Avatar for Areen Zahra Areen Zahra November 15, 2018

facebook user privacy

This year did not go well for Facebook, keeping in mind all the security breaches and profile hack scandals the company went through. Late in May 2018, a security firm, Imperva, found a bug that allowed other websites to access information from Facebook. This was possible only through logged in Facebook accounts. With a sigh of relief, that bug has been fixed!
Initially, in May 2018, Imperva highlighted a vulnerability in chrome that can allow other bad actors to steal private information about Facebook users and their friends. The firm further dug in to find out if there were more bugs or loopholes that could result in data robbery.
Ron Masas, the person working on the bug’s research, found out that Facebook was prone to cross-site request forgery. This made it clear that information from logged in Facebook accounts was accessible to data hackers through queries in the code.
Masas, while researching the Chrome piece,  found out that Facebook’s online search result contains an iframe element which was used for some internal tracking purpose. These made Facebook prone to malicious sites as they could easily get an to access Facebook’s data.

If a Facebook user opens up a malicious site, the site forces them to perform a search that can end up giving some good amount of insight into the user’s preferences. Following the same technique, hackers can also learn or extract data about a user’s friend.

Queries can be used to search if a user has a friend from a specific area or a friend with a specific name. Also, one can know about locations visited by a user or if the user has clicked photos in a certain location or a country. Hackers can also put up queries that can return results that tell whether a user wrote a post with a specific word in it or not. It is also possible to know about a person’s religion through these queries. Watch the video to know how!

A Facebook spokesperson told TechCrunch that this vulnerability had not resulted in a data loss yet and that Facebook awarded Imperva with two separate bug bounty rewards of worth $8,000.

We appreciate this researcher’s report to our bug bounty program. As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications

We hope that Facebook conducts a strong analysis to reconsider its security measures. Stay tuned to learn more!

Related Tags: Facebook User privacy

Related Stories

  • The Dark Overlord begins to release hacked 9/11 documents

    The Dark Overlord begins to release hacked 9/11 documents

  • Facebook 3D Photos are already here!

    Facebook 3D Photos are already here!

  • Facebook resurfaced messages from long ago (Update: Bug fixed)

    Facebook resurfaced messages from long ago (Update: Bug fixed)

Avatar for Areen Zahra

Areen Zahra

Technology Writer

IT professional and a passionate writer who enjoys putting my love of technology into words for a general audience.

Reader Interactions

Join The Discussion: Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or publish anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more click here.
TechEngage-Apple-News
TechEngage-Google-News

Recent Stories

  • 6 best car scratch removers on Amazon for 2021
  • Best iPhone 12 and iPhone 12 Pro wallet cases for 2021
  • Best video game consoles to buy on Amazon in 2021
  • Best gaming mouse in 2021
  • Best soft couch covers and sofa slipcovers on Amazon for 2021
Best Office Desks On Amazon

Best office desks on Amazon for comfort in 2021

best laptops for writers

5 Recommended Laptops For Writers and Journalists

how to make bootable usb

How to make a bootable USB

Windows 10 resetting

How to reset Windows 10 without losing data

Footer

About Us

  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Community Guidelines
  • Corrections Policy & Practice
  • Contact us

Discover

  • About
  • Newsroom
  • Advertise
  • Brand Kit
  • Partners
  • Staff
  • Our Ethics
  • Publication Principles
  • Contact us

Legal Pages

  • Reviews Guarantee
  • Community Guidelines
  • Cookies Policy
  • Comments Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Download our apps

TechEngage-app-google-play-store

Copyright © 2021 · All Rights Reserved · TechEngage® is a Project of TechAbout LLC.
TechEngage® is a registered trademark in United Kingdom under Trademark Number UK00003417167 and is ISSN protected under the ISSN 2690-3776 and OCLC Number 1139335774.