Facebook bug allowed other sites to view users' likes and interests

Facebook patched the issue soon after a researcher identified it in May.
Kris Holt, @krisholt
November 13, 2018
Facebook's privacy woes are a little murkier after it emerged that a bug allowed websites to extract certain data from users' profiles, such as their interests and likes, without the users knowing about it. Facebook fixed the bug a few days after Imperva security researcher Ron Masas flagged it in May, and the company told TechCrunch it hasn't seen any abuse of the vulnerability.

The company wasn't protecting its search results from cross-site request forgery, Masas found. Bad actors could have used an iframe (which lets people embed material such as PDFs, YouTube videos or other pages within web pages) to open a Facebook tab and collect information.

Attackers could have run queries with certain graph searches, such as to find out whether you liked a page, if you took photos at a certain location or if you or your friends used specific keywords in your posts. The bug could have also allowed malicious sites to find out which of your friends liked a certain page or identified with a certain religion.

Facebook is not the only company which has faced this type of issue and it seems no one took advantage of this particular vulnerability. However, it's the kind of data that can be used to build a profile of someone for the likes of ad targeting or election profiling -- we saw something similar with the Cambridge Analytica scandal. With Facebook having faced multiple privacy issues in recent times, its data slips will be under close scrutiny for the foreseeable future, even if attackers didn't exploit this particular bug.
