Facebook Leaks: You’ve Not Heard The Last Of It


Security experts are warning there is more to come as it emerged this week that Facebook users’ pages were exposed to ‘third parties’ and that hacking accounts was possible.


Security firm Symantec said this week it had discovered a glitch in Facebook’s settings which allowed advertisers and other analytic platforms to access users’ pages on ‘private’ settings.

The social network accidentally leaked ‘tokens’ to third parties, which allowed them to look at users’ profiles, pictures, chat and other private data.


However, there’s more to come, says Ty Miller, Chief Technology Officer from Pure Hacking, who told ChannelNews that social networking sites frequently fall prey to weak access controls, so it’s no surprise the breach took place.

“Access controls are a major security concern in all online applications, and are commonly found in our web application penetration test reports.”

“During our web application penetration tests we find that complex web applications, such as social networking sites, often contain serious vulnerabilities such as weak access controls.”

“This won’t be the last access control issue found with Facebook,” he warned.

Such system ‘vulnerabilities’ can result in anything from information disclosure through to full account compromise.

Facebook have stated that “most access tokens expire in two hours”. However, this doesn’t hold much ground when an attack can be automated to run every two hours.

When such an attack is automated, it can be used to download the personal data of every user in the system, or perform actions within every user account.

Access control vulnerabilities also have an extreme impact when the application supports financial transactions, says Miller.

Thus it gets worse. The social network is currently running a trial to sell coupons to capture a chunk of the Groupon market, which means that some of its users’ bank account details could have been compromised, similar to the hacking of the Sony PlayStation Network.

“This will dramatically increase compromised Facebook account sale prices on the black market,” Miller warns, adding that Facebook accounts were found to be easily hacked using only information found on the net.

“Last week I had to do a penetration test targeted at compromising specific Facebook accounts using only information available on the Internet.

This was successfully achieved by compromising the victim’s Hotmail account and then using the “Forgotten Password” feature to reset their Facebook password.”

 

“We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue,” Symantec confirmed.

Facebook also admitted the error, and has notified of changes on its end to prevent such leakages from recurring.
