Facebook Bug that leaked users’ ‘Likes’ and ‘Interests’ has been plugged

Facebook Bug that leaked users’ ‘Likes’ and ‘Interests’ has been plugged

Masas told ZDNet that an attacker could use a technique called "tab under" to force the opening of the Facebook Search page inside a background tab, which keeps the user's focus on the main malicious page -which could be disguised as an online game, movie streaming portal, or news article.

Masas said that he reported the vulnerability to Facebook and worked with the company's security team to ensure that the issue was thoroughly resolved. CSRF attack forces an end user to perform unwanted actions on a web application in which they're now logged in. "This is especially unsafe for mobile users, since the open tab can easily get lost in the background, allowing the attacker to extract the results for multiple queries, while the user is watching a video or reading an article on the attacker's site", he explained. For example, the exploit could see if a user liked a certain page.

Masas, who works for cybersecurity company Imperva, found that search results on Facebook weren't being properly safeguarded from a type of cyber-attack known as a cross-site request forgery (CSRF). After you log in to Facebook it was enough to make one click on a malicious website, then the attackers could open a pop-up window or tab to the search page of the social network and to identify the necessary information about its users.

"By manipulating Facebook's graph search, it's possible to craft search queries that reflect personal information about the user". He said that the vulnerability revealed the user as well as their friends' interests even if their privacy settings were such so that only user's friends could see their interests.

More news: Harry Potter: Wizards Unite Gets New Details, Trailer

The social media company also denied seeing any evidence that the attack was exploited prior to Masas' discovery.

The company awarded Imperva $8,000 in two separate bug bounty rewards. And given that Masas was on a vulnerability hunt, we suspect that such a bug isn't something that opportunistic hackers would stumble across.

The bug is reportedly not unique to Facebook. "We appreciate this researcher's report to our bug bounty program", he said. "As the underlying behavior is not specific to Facebook, we've made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications".