Facebook bug let websites read ‘likes’ and interests from a user’s profile

Facebook bug let websites read ‘likes’ and interests from a user’s profile

6 years ago
Anonymous $L9wC17otzH

https://techcrunch.com/2018/11/13/facebook-bug-website-leak-likes-interests-profile/

Facebook has fixed a bug that let any website pull information from a user’s profile — including their ‘likes’ and interests — without that user’s knowledge.

That’s the findings from Ron Masas, a security researcher at Imperva, who found that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks. In other words, a website could quietly siphon off certain bits of data from your logged-in Facebook profile in another tab.

Facebook bug let websites read ‘likes’ and interests from a user’s profile

Nov 13, 2018, 2:19pm UTC
https://techcrunch.com/2018/11/13/facebook-bug-website-leak-likes-interests-profile/ > Facebook has fixed a bug that let any website pull information from a user’s profile — including their ‘likes’ and interests — without that user’s knowledge. > That’s the findings from Ron Masas, a security researcher at Imperva, who found that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks. In other words, a website could quietly siphon off certain bits of data from your logged-in Facebook profile in another tab.