Facebook bug let websites read ‘likes’ and interests from a user’s profile
https://techcrunch.com/2018/11/13/facebook-bug-website-leak-likes-interests-profile/
Facebook has fixed a bug that let any website pull information from a user’s profile — including their ‘likes’ and interests — without that user’s knowledge.
Those are the findings of Ron Masas, a security researcher at Imperva, who found that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks. In other words, a website could quietly siphon off certain bits of data from your logged-in Facebook profile in another tab.
Nov 13, 2018, 2:19pm UTC