Facebook Bug Allowed Websites to Grab Private User Data
The truth is out! Facebook is not as secure as we thought it to be! A new disclosure has revealed a bug in the application that may allow sensitive information to leak and put users at risk. A security researcher at Imperva found a vulnerability that may allow other websites to obtain information that is private to Facebook users. Moreover, important information like contact details, telephone number, email address and so on can easily be extracted.
The bug targets iframes of Facebook
The bug was exposed by a security researcher at Imperva named Ron Masas. According to him, this is how the bug works. It preys on the cross-origin behaviour of iframes, the element used to embed another HTML page into the current page. This is how it manipulates the graph search functionality of Facebook. Graph search is the feature used to run search queries about different users in the application. By manipulating the search, the bug may get personal information about users.
The bug first attacks the iframe element that is embedded within the search functionality of Facebook. By making the functionality vulnerable, it can cross over domains and get personal info about users from across the globe. So, when a user goes to a particular website, the attacker using the bug can open Facebook and collect all the relevant information about the user and his or her friends. The bug and the data are extremely valuable to hackers and cyber attackers who tend to build on social networking platforms to breach security systems and get access to sensitive data and other personal information.
The bug will gain prominence in 2019
According to the researchers, the bug has already made its way and it will gain prominence in 2019. Unlike other bugs that use authentication bypasses to leak data or breach personal information, this one allows attackers to exploit or abuse the iframes of the Facebook application to get access to the personal information of the user. Moreover, unlike other bugs, it does not leave any trace. This is one of the main reasons why it would be extremely difficult to detect the bug in time. Facebook users who use the application quite frequently are extremely vulnerable to the attack.
The possibility of the bug first came to prominence in the early months of 2018 and has grown since then. It was discussed during Facebook's disclosure program in May 2018. The researchers worked with the security team of Facebook in order to identify how the bug works and find out strategies to solve it. This was done through the process of mitigating regression checks.
The management at Facebook also seemed to acknowledge the problem. According to spokespersons at the Facebook office, the team, along with the researchers, detected the bug and work is underway to solve it. Facebook also thanked the researchers for their report. However, they added that the bug behaviour is not completely specific to Facebook and also depends on browser configurations. As such, Facebook has requested browser developers and web service groups to take steps to prevent the attack and strengthen other web applications against it.
While you are using Facebook or playing your mobile roulette app games, you need to be aware of security. Choose apps that are secure and licensed. Moreover, it is better to go for payment methods where you do not have to divulge sensitive financial information.