Facebook bug allowed websites to grab unsuspecting users’ personal data
https://thenextweb.com/facebook/2018/11/14/facebook-bug-allowed-websites-to-grab-unsuspecting-users-personal-data/
Security firm Imperva found a bug in May that allowed websites to read Facebook users and their friends’ private information. The troubling vulnerability let a site access users’ likes and interests through a manipulated Facebook Graph query. Thankfully, the bug has now been fixed
Imperva’s researcher Ron Masas discovered in May that Facebook was exposed to cross-site request forgery (CSRF). That means another website can access a logged-in Facebook user’s data through queries in code.
Facebook bug allowed websites to grab unsuspecting users’ personal data
Nov 14, 2018, 7:15am UTC
https://thenextweb.com/facebook/2018/11/14/facebook-bug-allowed-websites-to-grab-unsuspecting-users-personal-data/
> Security firm Imperva found a bug in May that allowed websites to read Facebook users and their friends’ private information. The troubling vulnerability let a site access users’ likes and interests through a manipulated Facebook Graph query. Thankfully, the bug has now been fixed
> Imperva’s researcher Ron Masas discovered in May that Facebook was exposed to cross-site request forgery (CSRF). That means another website can access a logged-in Facebook user’s data through queries in code.