Imperva, a California based security software provider has discovered a new vulnerable on Facebook’s platform which could leak sensitive details of its users such as likes, posts, and interest.
However, the good news is that the social media giant has patched up the bug causing further embarrassment to the Mark Zuckerberg led company which is already suffering embarrassment from the Cambridge Analytica data scandal.
According to the details available to Cybersecurity Insiders, Imperva found a flaw in Facebook’s search feature in May this year that allowed cyber crooks to quietly steal user data. The online services giant immediately patched up the bug which opened the back door.
But Ron Masas, a security researcher from Imperva claims that Search feature of the tech giant is still vulnerable to cross-site request forgery (CSRF) attacks which take benefit of a user being logged into the service platform to perform unwanted tasks on their browser such as clicking on a tracked link to visit a malicious website.
It was discovered that such activity led to the opening of several Facebook searches in a new tab making the hackers run any number of queries to discover personal info about the user.
Thus, hackers could access sensitive info the account user such as the friends with whom he/she is in regular touch, what pages they have liked, what interests do your friends have?
Cybercrooks can also gain insights on the personal info of the user by manipulating Facebook’s graph search and crafting their search queries.
Even queries related to religion, specific words like Family, location can also be made.
Imperva researchers found that the hacker can also search for photos taken in a specific country or location and can also search with certain word terms and phrases.
Facebook already acknowledged the previous findings of the security firm in its Bug Bounty Program and stressed the fact that this vulnerability could also affect other websites and social media platforms such as LinkedIn.
A spokesperson from Facebook reacted to this news and said that a fix for such vulnerability will be introduced soon like for the one which took place in May this year. The spokesperson was specific that the specified flaw was more related to the browser which the user uses and urged the browser makers to take steps to prevent such security flaws in the near future.
