The Bug That Exposed Facebook Users' And Their Friends' Interests Was Fixed Shortly After
Author - Nov 15, 2018
Malicious websites exploited a bug on the Facebook website to see users' likes and interests without their knowledge.
Facebook has seemingly had a difficult year, facing scandals that include security breaches and hacks. A security researcher recently revealed more bad news for the company.
According to this disclosure, malicious websites exploited a bug on Facebook.com to see users' likes and interests without their knowledge.
Ron Masas, a security researcher at Imperva, detected the bug in May 2018. He reportedly found that Facebook's search results were the key to the Cross-Site Request Forgery (CSRF) attacks.
CSRF, also known as Sea Surfing, is a type of attack in which the web browser is tricked into running a task inside an application that the user is logged in to. As a consequence, the attack affects both end users and businesses.
In the case of Facebook, the user's data was siphoned off in another browser tab, and a website could then embed an IFrame to make use of that data while the user was unaware.
He further explained that the IFrame HTML document was used to "allow information to cross over domains". In other words, hackers could use Facebook to gather all the information relating to users and their friends when they visited a suspicious website.
Moreover, the website opened Facebook search queries in a new tab, so when users liked a page, hackers would get that information. The same thing happened when hackers used certain keywords to search for posts by the users that only their Facebook friends could see.
Even when users set their privacy settings to hide their interests from everyone but their friends, the setting did not protect them from the bug. Advertising companies may be the beneficiaries in this scenario.
The good news is that the company rapidly fixed this bug a few days after it came to light.
The Facebook spokesperson claimed that the company sent a warning to browser makers as well as web standards groups to prevent this bug from affecting other web applications.
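The cross-site requests described above, where another site opens a logged-in search page in a new tab or frame, can be refused on the server. The following is an added example, not code from the article or from Facebook, whose actual fix is not described here; the `/search` path, the function names and the sample requests are assumptions.

```javascript
// Hypothetical policy for per-user pages (added example, not Facebook's code).
const SENSITIVE_PREFIXES = ['/search']; // assumed path of per-user search results
// Response headers that stop other origins from framing the page or keeping
// a usable window reference to it after opening it in a new tab.
const ISOLATION_HEADERS = Object.freeze({
  'Cross-Origin-Opener-Policy': 'same-origin',
  'Content-Security-Policy': "frame-ancestors 'self'",
  'X-Frame-Options': 'SAMEORIGIN',
});

function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : String(headers[key]).toLowerCase();
}

// Classify a request using the browser-set Sec-Fetch-Site header.
function evaluateRequest(req) {
  if (!SENSITIVE_PREFIXES.some((p) => req.path.startsWith(p))) {
    return { allow: true, reason: 'public path' };
  }
  const site = headerValue(req.headers, 'sec-fetch-site');
  if (site === undefined) {
    // Client sends no Fetch Metadata: only the isolation headers apply.
    return { allow: true, reason: 'no fetch metadata' };
  }
  if (site === 'same-origin' || site === 'none') {
    // 'none' is a user-initiated load such as a typed URL or a bookmark.
    return { allow: true, reason: 'first-party or user-initiated' };
  }
  // 'cross-site' or 'same-site': another site triggered the logged-in request.
  return { allow: false, reason: `blocked ${site} request` };
}

function handle(req) {
  const verdict = evaluateRequest(req);
  return {
    status: verdict.allow ? 200 : 403,
    headers: { ...ISOLATION_HEADERS, Vary: 'Sec-Fetch-Site' },
    reason: verdict.reason,
  };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  { path: '/search/pages?q=example', headers: { 'Sec-Fetch-Site': 'cross-site' } },
  { path: '/search/pages?q=example', headers: { 'sec-fetch-site': 'none' } },
  { path: '/about', headers: { 'Sec-Fetch-Site': 'cross-site' } },
];
for (const s of SAMPLES) console.log(s.path, '->', handle(s).status, handle(s).reason);
```

Refusing cross-site navigations also breaks inbound links to these pages from other sites, so the rule belongs only on pages that return per-user data.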