
Image credit: Bloomberg via Getty Images

Facebook bug allowed other sites to view users' likes and interests

Facebook patched the issue soon after a researcher identified it in May.

Facebook's privacy woes are a little murkier after it emerged a bug allowed websites to extract certain data from users' profiles, such as their interests and likes, without them knowing about it. Facebook fixed the bug a few days after Imperva security researcher Ron Masas flagged it in May, and the company told TechCrunch it hasn't seen any abuse of the vulnerability.

The company wasn't protecting its search results from cross-site request forgery, Masas found. Bad actors could have used an iFrame (which lets people embed material such as PDFs, YouTube videos or other pages within web pages) to open a Facebook tab and collect information.

Attackers could have run queries with certain graph searches, such as to find out whether you liked a page, if you took photos at a certain location or if you or your friends used specific keywords in your posts. The bug could have also allowed malicious sites to find out which of your friends liked a certain page or identified with a certain religion.
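A sketch of how a server could refuse to hand search results to a page embedded or fetched by another site, the gap described above. This is an added example, not Facebook's fix or code from the article; it relies on the browser's Fetch Metadata request headers plus anti-framing response headers, and the `/search` path and all function names are hypothetical.

```javascript
// Added example, not code from the page or from Facebook.
// The "/search" path and every name below are hypothetical.

// Response headers that stop other origins embedding or scripting the page.
const ISOLATION_HEADERS = {
  "Content-Security-Policy": "frame-ancestors 'self'",
  "X-Frame-Options": "SAMEORIGIN",
  // Stops a cross-site page that opened this one keeping a handle to its window.
  "Cross-Origin-Opener-Policy": "same-origin",
  "Vary": "Sec-Fetch-Site, Sec-Fetch-Dest, Sec-Fetch-Mode",
};

const SENSITIVE_PREFIXES = ["/search"];
const EMBED_DESTS = ["iframe", "frame", "embed", "object"];

function isSensitive(path) {
  return SENSITIVE_PREFIXES.some((p) => path === p || path.startsWith(p + "/"));
}

// headers: request headers keyed by lower-case name.
function decide(method, path, headers) {
  const site = headers["sec-fetch-site"];
  const verdict = (allow, reason) => ({ allow, reason, headers: ISOLATION_HEADERS });

  if (!isSensitive(path)) return verdict(true, "not-sensitive");
  // Browsers without Fetch Metadata: rely on the isolation headers alone.
  if (site === undefined) return verdict(true, "no-fetch-metadata");
  // Same origin, or typed/bookmarked by the user ("none").
  if (site === "same-origin" || site === "none") return verdict(true, "first-party");
  // From here on the request was started by another site.
  if (EMBED_DESTS.includes(headers["sec-fetch-dest"])) return verdict(false, "cross-site-embed");
  if (method !== "GET" || headers["sec-fetch-mode"] !== "navigate") {
    return verdict(false, "cross-site-subresource");
  }
  // A user following a link to a search page from elsewhere.
  return verdict(true, "cross-site-top-level-navigation");
}

// Constructed sample requests.
const samples = [
  ["GET", "/search/pages", { "sec-fetch-site": "cross-site", "sec-fetch-dest": "iframe", "sec-fetch-mode": "navigate" }],
  ["GET", "/search/pages", { "sec-fetch-site": "same-origin", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate" }],
  ["GET", "/search/pages", { "sec-fetch-site": "cross-site", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors" }],
];
for (const [m, p, h] of samples) console.log(h["sec-fetch-site"], h["sec-fetch-dest"], "->", decide(m, p, h).reason);
```

A denied verdict would be served as a 403 with the same isolation headers attached, so the response body never reaches the embedding page.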

Facebook is not the only company that has faced this type of issue, and it seems no one took advantage of this particular vulnerability. However, it's the kind of data that can be used to build a profile of someone for the likes of ad targeting or election profiling -- we saw something similar with the Cambridge Analytica scandal. With Facebook having faced multiple privacy issues in recent times, its data slips will be under close scrutiny for the foreseeable future, even if attackers didn't exploit this particular bug.

Via: TechCrunch
Source: Imperva