Get documents about "Facebook Hack
Description
Facebook Basic Profile Information Hack Revealed
Shared by: AyechKiki
-
Stats
- views:
- 19
- posted:
- 1/31/2013
- language:
- pages:
- 1
Document Sample
23 June 2009 By: Lucian Constantin, Web News Editor
Facebook Basic Profile Information Hack Revealed
The website's security team scrambles to fix the problem
FBHive, a new blog that promises to deliver up-to-date news and information about all
things Facebook, dropped a social networking bomb yesterday, by announcing a simple
hack that allowed virtually anyone to view a Facebook user's basic profile information. The
Facebook profile disclosure finally sent the network's security team rushing to fix the bug, even though
private data vulnerable
to simple hack FBHive contacted Facebook about it since June 7.
Facebook
"With a simple hack, everything listed in a person's 'Basic Information' section can be
viewed, no matter what their privacy settings are," the FBHive editors wrote. In order to
back up their claim, they released screenshots with what was supposed to be the private
info of Facebook's own CEO, Mark Zuckerberg, or Digg's Founder, Kevin Rose.
As the "twenty-something guys" running FBHive pointed out, this "Basic Information" was
not so basic after all. It can include a user's gender, birthday, siblings, parents, relationship
status, hometown and even political or religious views. Such personal details can easily
facilitate social engineering scams or can be used to guess other people's answers to
default security questions.
According to TechCrunch, Facebook later announced that, "We have identified this bug
and closed the loophole. We don't have any evidence to suggest that it was ever exploited
for malicious purposes." This is consistent with FBHive editors' claim that they are not
malicious hackers.
The Facebook fans returned with a post today, detailing how the hack worked. "The exploit
involved fooling the 'edit information' section of your profile to display another user's details
when you finish editing your basic information," they said. In order to change profile ID
numbers in POST requests, the hackers used the Tamper Data Firefox add-on.
The "Basic Information" section was the only one affected by this bug, the FBHive guys
noting that the hack failed to work with contact information, or any of the other details.
Furthermore, they claim that their original decision to go public with the issue was to raise
awareness and force Facebook to react more promptly.
"We have already reported this bug to Facebook on June 7th 2009, through multiple
avenues, but it has received little attention. Hopefully this incites a little more action from
them," the FBHive editors wrote in their original announcement. This goal was ultimately
achieved and everyone's private info is now again how it should have been from the start -
private.
Page 1
Copyright (c) 2001-2013 Softpedia. All rights reserved. Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
