Yahoo Finance Vulnerability in Facebook could have exposed personal user data
A security flaw in Facebook could have allowed hackers to obtain private data about users, including their "likes" and posts.
Cybersecurity company Imperva found that a bug in Facebook let websites scan through the data of Facebook users who had visited their website.
The flaw used Facebook’s internal system for developers to allow potential hackers to conduct searches into the data of people visiting the websites, as well as their friends.
Visiting a malicious website could have also allowed hackers to search for any pages a user had liked, even if they had made such data private. They could also search for posts that contained specific text from the user or their friends.
Facebook fixed the issue in May and there’s no indication that the flaw was successfully exploited by hackers.
A Facebook spokesman explained the company’s reaction to the bug in a statement to The Verge. “We appreciate this researcher’s report to our bug bounty program,” he said.
“We’ve fixed the issue in our search page and haven’t seen any abuse. As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications.”
The emergence of another security flaw in Facebook is likely to cause concern for users of the service following two more serious breaches of privacy.
Facebook said in September that it had suffered a breach which exposed the data of 50m of its users. Hackers successfully exploited a series of loopholes in the site which allowed them to obtain profile information of its users.
The social network was also fined £500,000 by the Information Commissioner's Office. The ICO said that Facebook allowed a personality app created by Dr Aleksandr Kogan, the data scientist behind Cambridge Analytica, to access personal data from November 2013.
As well as the 300,000 people who installed the app, it was able to harvest the information of 87m people around the world.
