Facebook Hack by AyechKiki


23 June 2009 | By: Lucian Constantin, Web News Editor

Facebook Basic Profile Information Hack Revealed
The website's security team scrambles to fix the problem

[Image caption: Facebook profile private data vulnerable to simple hack]

FBHive, a new blog that promises to deliver up-to-date news and information about all things Facebook, dropped a social networking bomb yesterday by announcing a simple hack that allowed virtually anyone to view a Facebook user's basic profile information. The disclosure finally sent the network's security team rushing to fix the bug, even though FBHive had contacted Facebook about it on June 7.

                           "With a simple hack, everything listed in a person's 'Basic Information' section can be
                          viewed, no matter what their privacy settings are," the FBHive editors wrote. In order to
                          back up their claim, they released screenshots with what was supposed to be the private
                          info of Facebook's own CEO, Mark Zuckerberg, or Digg's Founder, Kevin Rose.

                           As the "twenty-something guys" running FBHive pointed out, this "Basic Information" was
                          not so basic after all. It can include a user's gender, birthday, siblings, parents, relationship
                          status, hometown and even political or religious views. Such personal details can easily
                          facilitate social engineering scams or can be used to guess other people's answers to
                          default security questions.

                           According to TechCrunch, Facebook later announced that, "We have identified this bug
                          and closed the loophole. We don't have any evidence to suggest that it was ever exploited
                          for malicious purposes." This is consistent with FBHive editors' claim that they are not
                          malicious hackers.

                           The Facebook fans returned with a post today, detailing how the hack worked. "The exploit
                          involved fooling the 'edit information' section of your profile to display another user's details
                          when you finish editing your basic information," they said. In order to change profile ID
                          numbers in POST requests, the hackers used the Tamper Data Firefox add-on.
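
A minimal model of the flaw class described above (a server that acts on a profile ID taken from the POST body) next to a version that binds the operation to the authenticated session. This is an added illustration, not Facebook's or FBHive's code; the handler names, field names and sample records are assumptions.

```python
"""Model of a handler that trusts a client-supplied profile id (hypothetical names)."""

# Constructed sample records; the field names are assumptions for illustration.
PROFILES = {
    1001: {"hometown": "Leeds", "birthday": "1985-02-11"},
    2002: {"hometown": "Porto", "birthday": "1979-09-30"},
}
EDITABLE = {"hometown", "birthday"}
AUDIT_LOG = []  # stands in for a security event stream


class Forbidden(Exception):
    """Raised when a request names a profile the session does not own."""


def editable_fields(form):
    # Accept only whitelisted fields from the submitted form.
    return {k: v for k, v in form.items() if k in EDITABLE}


def save_basic_info_vulnerable(session_uid, form):
    PROFILES[session_uid].update(editable_fields(form))
    # BUG: the profile shown after saving is chosen by client-controlled
    # POST data, so the response discloses whichever id the request names.
    return dict(PROFILES[int(form["profile_id"])])


def save_basic_info_fixed(session_uid, form):
    requested = form.get("profile_id")
    # The session is the only source of truth for whose profile this is.
    # A mismatching id is rejected and recorded for detection.
    if requested is not None and str(requested) != str(session_uid):
        AUDIT_LOG.append({"event": "profile_id_mismatch",
                          "session_uid": session_uid,
                          "requested": str(requested)})
        raise Forbidden("profile_id does not match the authenticated session")
    PROFILES[session_uid].update(editable_fields(form))
    return dict(PROFILES[session_uid])


if __name__ == "__main__":
    tampered = {"profile_id": "2002"}  # constructed request body
    print("vulnerable:", save_basic_info_vulnerable(1001, tampered))
    try:
        save_basic_info_fixed(1001, tampered)
    except Forbidden as exc:
        print("fixed:", exc, AUDIT_LOG[-1])
```

The mismatch event written to `AUDIT_LOG` is the signal worth alerting on: a legitimate client never submits an ID other than its own on this form.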

                           The "Basic Information" section was the only one affected by this bug; the FBHive guys
                          noted that the hack failed to work with contact information or any of the other details.
                          Furthermore, they claim that their original decision to go public with the issue was to raise
                          awareness and force Facebook to react more promptly.

                           "We have already reported this bug to Facebook on June 7th 2009, through multiple
                          avenues, but it has received little attention. Hopefully this incites a little more action from
                          them," the FBHive editors wrote in their original announcement. This goal was ultimately
                          achieved and everyone's private info is now again how it should have been from the start -

                 Copyright (c) 2001-2013 Softpedia. All rights reserved. Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
