The popular social network is in decline from all the problems it has had during the year. The last was a security violation that released all user information in May. So far no one from Facebook has decided on this bug who joins the first big hack that Facebook suffered. Ron Masas, a security researcher at Imperva, revealed the vulnerability of information about the social network. "By publishing vulnerability for the company in May 2018, we worked with the Facebook team to ensure that this problem is solved," Masas said in his blog.
A security error has led to any web site that extracts profile information from social network users. This was possible because the social network is not protected against attacks called Cross Frogers Rekuest Frogers (CSRF), which exploit the cyber criminal gets the user to take action, unintentionally, when in the application.
This means that Facebook users, without their knowledge, clicked on links that looked harmless. However, the action allowed the attacker to access his personal information. Masas has shown that a website can embed iframes (an HTML element that allows inserting or embedding an HTML document into another) and quietly collects profile information.
He added that vulnerability "exposed the interests of users and his friends", although he activated the privacy of personal information in the social network. This security error is dangerous "for mobile users because an open card can easily be lost in the background, allowing the attacker to retrieve results for multiple queries while the user watches a video or a whole article on the attacker's page," Masas concluded.
Access to these personal data is very valuable for certain companies. According to TechCrunch, Facebook paid the Impervin Team $ 8,000 prize and additional protection from the CSRF attack to fix the security error.