BitDefender Offers Insights Into Recently Discovered Facebook Vulnerability

Symantec discovered a security vulnerability that affected the way third-party programs, such as games and other applications, accessed user data and information. According to BitDefender®, an award-winning provider of innovative internet security solutions, the entire issue is related to OAuth, the secure authorization protocol, and to the use of some deprecated parameters by applications that have still not updated from OAuth to its latest version, OAuth 2.0.
Through this vulnerability, third parties such as advertisers can get hold of access tokens, which open up Facebook users' account information (such as basic information, profiles, and pictures) and will sometimes give them the ability to perform actions in the user's name.
"At the current time, it is unclear whether there actually was a data breach or not. Symantec discovered a security issue and notified Facebook accordingly," commented Catalin Cosoi, Head of the BitDefender Online Threats Lab. "This could mean that the issue was proactively discovered and Facebook fixed it before anyone lost any data. On the other hand, it could mean that it is a known vulnerability in the underground or unethical world and users' private data has been leaking for some time now."
Facebook solved this issue as soon as possible, but the episode teaches all users two main lessons: (1) applications should have switched to the new authorization mechanism as soon as possible, and (2) if any data was leaked, there is not much to be done now, since it is lost for good.
Although it should not be the case here, information extracted from social media can easily be turned into targeted attacks such as phishing, heavily socially engineered spam messages, and possibly even identity theft. Users should pay extra attention in the following months to all messages they receive and be very careful when asked to perform actions, even if the messages or requests come from a trusted source.
"This information can be illicitly used by marketers and advertisers in order to better profile their users and to serve ads based on interests and views. As always, a good way for Facebook users to invalidate their current access tokens is for them to change their passwords," advised Cosoi.

