Vulnerability on Facebook gave websites access to private data – Technology News – Technology

According to the report, one could see, in silence, the preferences or interests of a person.


From these sites you can also access private information, such as a user or his Facebook friends as a specific page.



November 13, 2018, 12:50 pm

Because of a vulnerability on Facebook, websites could obtain private information from users such as likes and interests, without knowing it. This was revealed by researchers from cyber security company Imperva in a report in which they point out From a malicious website this type of data can be redirected to another Google Chrome tab in a different way.

According to the report, the results of searches on Facebook were not well protected against attacks of forgery of applications. For theft of information the user had to go to a malicious website and click anywhere on the site while he was connected to Facebook. At that time, cyber criminals could open a new pop-up window on the Facebook search page and obtain personal information.

On that tab you can run queries with "yes" or "no" answers, for example asking whether a user or his friends likes a particular page or whether he has taken photos in a particular place. According to Imperva, much more specific data can also be requested, such as all friends of a person with a particular religion or living in a particular city.

Ron Masas, an IT security researcher at Imperva, told Techcrunch that "the vulnerability exposed the interests of the user and his friends, even if their privacy settings were configured in such a way that the interests were only visible to the user's friends."

The error has been corrected in May of this year and although Facebook has so far not issued an official statement, the specialized media The Verge received a reaction from the social network stating that there are no known cases of possible theft of information because of this vulnerability.

"We appreciate the report of this researcher for our reward program, we corrected the problem on our search page and we have not seen any abuse." Because the underlying behavior is not specific to Facebook, we have made recommendations to browser manufacturers and groups. of relevant web standards to encourage them to take measures to prevent this type of problem in other web applications, "said the company.


Keep going down
to find more content

You have arrived content limit of the month

Enjoy the content of DIGITAL TIME unlimited. Register now!

* COP $ 900 / month during the first two months

We know that you would like to be informed.

Create an account and you can enjoy:

  • Access newsletters with the best news today.
  • comment the news that interests you
  • save your favorite items

Create an account and you can enjoy our content from any device.

Source link