Data Theft Vulnerability Resolved by Facebook

Friday, February 04, 2011



Facebook has reconciled a major privacy vulnerability that left members susceptible to social engineering exploits and data theft.

The flaw may have allowed users to unwittingly spread malware to their contacts and provided malicious websites access to private account information.

The security lapse was discovered by research students Zhou Li and Rui Wang who alerted both Facebook and security firm Sophos, according to an article in

"According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth," said senior technology consultant at Sophos Graham Cluley.

"Furthermore, the researchers found a way to publish content on the visiting users' Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks."

Cluley was able to confirm the vulnerability after some experimentation, and credited the extensive security precautions applied to his account for the initial difficulties in replicating the exploit.

After several attempts, Cluley said he was able to harvest some private data from his account as well as plant the equivalent of a malicious web link.

Though Facebook staff quickly worked to provide a solution to the flaw, Cluley warns that the social networking platform's complexity makes it likely that similar flaws may be found in the future.

"Clearly Facebook's web site is a complex piece of software, and it is almost inevitable that vulnerabilities and bugs will be found from time to time. The risk is compounded by the fact that there is so much sensitive personal info about users being held by the site, potentially putting many people at risk," Cluley states in the article.

Facebook members should apply some simple security features that are already available. One important feature allows members to monitor their profile for any unauthorized access to their Facebook account.

You can also check out "A Facebook Security Lockdown Guide" which provides a checklist of necessary security options and protocols to help protect you from exploitation.


Possibly Related Articles:
Facebook Privacy Social Networking malware Vulnerabilities Headlines data theft
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked