Facebook patches bug that could have allowed outsiders to steal user data

Joanna Estrada
November 15, 2018

That element, along with the fact that Facebook's search page is effectively an endpoint that expects a GET request (a method of retrieve information from a server in response to a specific query) with search parameters in order to serve up results is not protected against cross-site request forgery, allowed Masas to come up with a data extracting hack. This means any website could easily access some of your data from your logged-in Facebook profile.

And it allowed such info to "cross over domains", explains the researcher.

Facebook is not the only company which has faced this type of issue and it seems no one took advantage of this particular vulnerability. This would trigger the bug and open a small pop-up or a new browser tab with Facebook's search page. The bug allowed websites to obtain private information about Facebook users and their friends through unauthorized access to a company API, playing off a specific behavior in the Chrome browser.

Ron Masas, a security researcher at Imperva, noted that an attacker could've crafted the searches to be more specific, checking on the person's friends based on location, name, religion or any combination of such attributes.

The security company Imperva has released new details on a Facebook vulnerability that could have exposed user data. The user would remain focused on the malicious page that could be an online game or an online streaming site.

Masas had proven this security issue when he created a malicious web page on which an attacker could lure any user.

He also said that it is easy to let users become unconscious with this attack, all you need is to make them engaged on a particular article, video, picture, or any content. Masas also said that this issue is highly vulnerable with mobile browsers as the actual tabs are hidden below each other.

The bug has been fixed by adding CSRF protections and Facebook has also offered $8,000 in two separate bug countries to Imperva. And given that Masas was on a vulnerability hunt, we suspect that such a bug isn't something that opportunistic hackers would stumble across.

The bug was reported to Facebook and fixed as well earlier this May.

In a statement shared with TechCrunch, Facebook spokesperson Margarita Zolotova wrote, "We appreciate this researcher's report to our bug bounty program".

Other reports by Click Lancashire

Discuss This Article