New Facebook Bug May Expose Private User Data

Security experts discovered a new Facebook bug that allows malicious users to hijack sensitive user data from the social network. According to the proof-of-concept demonstrations, the problem allows hackers to exploit a weakness in the service via browser requests. The issue was disclosed to Facebook, whose security team is resolving the bug.




The Newly Announced Facebook Bug Allows Hackers to Hijack Private Data

A recently published announcement concerning Facebook security warned that a new vulnerability was identified in the social network. The cause of concern was found within the code of the web page: it contained specific HTML iframe elements that are used to track the users. They are an essential part of the site and also call functions across the web service. Further analysis revealed the issue, and as a result a proof-of-concept attack scenario was uncovered:

  • The Facebook search engine expects a GET request filled with the values from the user’s search query. It was found not to be protected against cross-site request forgery.
  • Facebook users are tricked into opening a malicious site and interacting with any area of it. This is required in order to run a JavaScript script.
  • This will open a pop-up or a new tab instance which will interact with the Facebook search page.
  • The malicious scripts can manipulate the requests in order to acquire any information that can be accessed through this function.

Through the search results the malicious operators can gain information about both the user and other contacts in their friend list. The security researchers note that mobile users are the most affected, as open tabs and other elements can easily be ignored in the background. This allows hackers to run multiple queries simultaneously while the victim is doing other things.
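One server-side mitigation for the pattern described above, as an added example that is not from the original article and is not Facebook's fix: a Fetch Metadata check that refuses to run a search query when the GET request arrives as a cross-site navigation or inside a frame. The route `/search`, the decision labels and the sample requests are assumptions made for illustration.

```javascript
// Added example. The route "/search" and all sample requests are constructed.
const SENSITIVE_PATHS = new Set(["/search"]); // hypothetical per-user endpoint

// Returns "allow", "allow-legacy", "strip-query" or "block" for one request.
function decide(req) {
  const site = req.headers["sec-fetch-site"];
  const mode = req.headers["sec-fetch-mode"];
  const dest = req.headers["sec-fetch-dest"];

  // Older browsers send no Fetch Metadata; other CSRF defences must cover them.
  if (site === undefined) return "allow-legacy";

  // Requests from the site itself, or typed/bookmarked URLs ("none"), pass.
  if (site === "same-origin" || site === "none") return "allow";

  // From another origin: framing and subresource loads are refused outright.
  if (mode !== "navigate" || dest !== "document") return "block";
  if (req.method !== "GET") return "block";

  // A baseline policy would allow every cross-site top-level GET navigation,
  // which is the pop-up / new-tab case. For sensitive routes the server
  // instead answers with the empty search page, so the query never runs.
  return SENSITIVE_PATHS.has(req.path) ? "strip-query" : "allow";
}

const fm = (site, mode, dest) => ({
  "sec-fetch-site": site, "sec-fetch-mode": mode, "sec-fetch-dest": dest,
});

// Constructed requests modelling the cases discussed above.
const SAMPLES = {
  ownSearchBox:   { method: "GET", path: "/search", headers: fm("same-origin", "navigate", "document") },
  popupFromOther: { method: "GET", path: "/search", headers: fm("cross-site", "navigate", "document") },
  framedByOther:  { method: "GET", path: "/search", headers: fm("cross-site", "navigate", "iframe") },
  inboundLink:    { method: "GET", path: "/help",   headers: fm("cross-site", "navigate", "document") },
  legacyBrowser:  { method: "GET", path: "/search", headers: {} },
};

function decideAll(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, req]) => [name, decide(req)]));
}

console.log(decideAll(SAMPLES));
```

The `allow-legacy` result marks requests that carry no Fetch Metadata headers at all, so a per-request anti-CSRF token or an equivalent check is still needed for those clients.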

We remind our readers that Facebook is constantly being targeted by various hacking collectives using creative methods. A recent example is the Facebook friend request forwarding scam, which is still being used actively by criminal collectives worldwide. Due to the timely private bug disclosure to Facebook, their security team has been working on resolving the issue and .

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
