Facebook Leaks: You’ve Not Heard The Last Of It


Security experts are warning there is more to come, as it emerged this week that Facebook users’ pages were exposed to ‘third parties’ and that hacking accounts was possible.


Security experts Symantec said it discovered a glitch in Facebook’s settings this week which allowed advertisers and other analytics platforms to access users’ pages on ‘private’ settings.

The social network accidentally leaked ‘tokens’ to third parties, which allowed them to look at users’ profiles, pictures, chat and other private data.


However, there’s more to come, says Ty Miller, Chief Technology Officer from Pure Hacking, who told ChannelNews that social networking sites frequently fall prey to weak access controls, so it’s no surprise the breach took place.

“Access controls are a major security concern in all online applications, and are commonly found in our web application penetration test reports.”

“During our web application penetration tests we find that complex web applications, such as social networking sites, often contain serious vulnerabilities such as weak access controls.”

“This won’t be the last access control issue found with Facebook,” he warned.

Such system ‘vulnerabilities’ can result in anything from information disclosure through to full account compromise.

Facebook have stated that “most access tokens expire in two hours”; however, this doesn’t hold much ground when an attack can be automated to run every two hours.

When such an attack is automated, it can be used to download the personal data of every user in the system, or perform actions within every user account.

Access control vulnerabilities also have an extreme impact when the application supports financial transactions, says Miller.

Thus it gets worse. The social network is currently running a trial to sell coupons to capture a chunk of the Groupon market, which means that some of its users’ bank account details could have been compromised, similar to the hacking of the Sony PlayStation Network.

“This will dramatically increase compromised Facebook account sale prices on the black market,” Miller warns, adding that Facebook accounts were found to be easily hacked using just information found on the net.

“Last week I had to do a penetration test targeted at compromising specific Facebook accounts using only information available on the Internet.

“This was successfully achieved by compromising the victim’s Hotmail account and then using the ‘Forgotten Password’ feature to reset their Facebook password.”

“We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue,” Symantec confirmed.

Facebook also admitted the error, and has given notice of changes on its end to prevent such leakages from reoccurring.
