Author: Ivan Mehta / Source: The Next Web

Security firm Imperva found a bug in May that allowed websites to read Facebook users’ and their friends’ private information. The troubling vulnerability let a site access users’ likes and interests through a manipulated Facebook Graph query. Thankfully, the bug has now been fixed.
Imperva’s researcher Ron Masas discovered in May that Facebook was exposed to cross-site request forgery (CSRF).
That means another website can access a logged-in Facebook user’s data through queries in code. To exploit the bug, a site can embed an IFRAME – a site within a site – to siphon off data from a user. When a logged-in Facebook user visits a website with malicious code and clicks anywhere, the script will begin to gather data by sending queries to the social network, like “Does…