ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Another Facebook Bug Could Have Exposed Your Private Information

November 14, 2018 by Haitao Huang 3 Comments

The security company Imperva has released new details on a Facebook vulnerability that could have exposed user data. The bug allowed websites to obtain private information about Facebook users and their friends through unauthorized access to a company API, playing off a specific behavior in the Chrome browser. The bug was disclosed to Facebook and resolved in May.

In technical terms, the attack is a cross-site request forgery, using a legitimate Facebook login in unauthorized ways. For the attack to work, a Facebook user must visit a malicious website with Chrome, and then click anywhere on the site while logged into Facebook. From there, attackers could open a new pop-up or tab to the Facebook search page and run any number of queries to extract personal information.

https://thehackernews.com/2018/11/facebook-vulnerability-hack.html

Filed Under: Week 11: SQL Injection Tagged With:
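
The attack described above depends on the browser attaching the victim's session cookie to a request that another site triggered. As an added example (not part of the original post or of Imperva's report), this JavaScript model applies the browser's SameSite cookie rules to the pop-up navigation the post describes; the host names and request objects are constructed, and the site comparison is a simplification.

```javascript
// Added illustration: a model of the browser's SameSite rules for deciding
// whether a session cookie accompanies a request. All hosts are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Assumption: "site" = last two host labels. Real browsers consult the
// Public Suffix List and compare the scheme as well.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// request: { initiator, target, method, topLevelNavigation }
function cookieIsSent(sameSite, request) {
  if (siteOf(request.initiator) === siteOf(request.target)) return true;
  switch (sameSite) {
    case "Strict": // never sent on cross-site requests
      return false;
    case "Lax": // cross-site only for top-level navigations with safe methods
      return request.topLevelNavigation &&
        SAFE_METHODS.has(request.method.toUpperCase());
    case "None": // always sent (browsers require the Secure attribute)
      return true;
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed requests; the first three are initiated by a page on another site.
const other = "https://attacker.example/";
const search = "https://www.social.example/search?q=x";
const REQUESTS = {
  popupSearch: { initiator: other, target: search, method: "GET", topLevelNavigation: true },
  hiddenIframe: { initiator: other, target: search, method: "GET", topLevelNavigation: false },
  formPost: { initiator: other, target: search, method: "POST", topLevelNavigation: true },
  ownSiteLink: { initiator: "https://m.social.example/feed", target: search, method: "GET", topLevelNavigation: true },
};

// For each request, report which SameSite settings would still send the cookie.
function exposureTable() {
  const table = {};
  for (const [name, req] of Object.entries(REQUESTS)) {
    table[name] = {};
    for (const policy of ["None", "Lax", "Strict"]) {
      table[name][policy] = cookieIsSent(policy, req);
    }
  }
  return table;
}

console.table(exposureTable());
```

A pop-up or new tab is a cross-site top-level GET navigation, so in this model a `Lax` cookie still accompanies it and only `Strict` withholds the session; the iframe and POST cases are already blocked by `Lax`.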

Comments

  1. Xinteng Chen says

    November 14, 2018 at 1:20 pm

    Hi Haitao

    It is important to know this information. Facebook should pay more attention to the incident. Cross-site request forgery can be used by attackers to steal information or even money. It is important for Facebook to have control methods in place to prevent the incident from happening again.

  2. Yingyan Wang says

    November 14, 2018 at 6:08 pm

    Hi Haitao,

    Facebook is a company that needs to pay strong attention to information security. Vulnerabilities inside their system should be found and evaluated more accurately, and incidents should be handled in a timely manner. Facebook should put much more effort into this field to alleviate public concerns and rebuild trust.

  3. Ruby(Qianru) Yang says

    November 28, 2018 at 6:11 am

    It is interesting to know that Facebook’s search feature could be exploited to extract sensitive information related to your Facebook account, such as checking:
    If you have a friend with a specific name or a keyword in his/her name
    If you like a particular page or are a member of a specific group
    If you have a friend who likes a particular page
    If you have taken photos in a certain location or country
    If you have ever posted a photo taken at certain places/countries
    If you have ever posted an update on your timeline containing a specific text/keyword
    If you have Islamic friends
