
Facebook bug allowed websites to grab unsuspecting users’ personal data


Security firm Imperva found a bug in May that allowed websites to read private information belonging to Facebook users and their friends. The troubling vulnerability let a site access users’ likes and interests through a manipulated Facebook Graph query. Thankfully, the bug has now been fixed.

Imperva’s researcher Ron Masas discovered in May that Facebook was exposed to cross-site request forgery (CSRF). That means another website can access a logged-in Facebook user’s data through queries in code. To exploit the bug, a site can embed an IFRAME – a site within a site – to siphon off data from a user. When a logged-in…


from The Next Web https://ift.tt/2K2hCIg
