Facebook Bug Let Websites Access Private User Data

Nov. 13, 2018
Facebook Bug Let Websites Access Private User Data
  1. Home
  2. News
  3. Facebook Bug Let Websites Access Private User Data

A security researcher at Imperva recently identified a vulnerability within Facebook that could have allowed other websites to extract private information about users and their contacts.

Discovered by Imperva security researcher Ron Masas, the vulnerability reportedly preyed on the unique cross-origin behavior of iframes, which embeds another HTML page into the current page. By manipulating Facebook’s graph search, it was possible to craft search queries that reflected personal information about the user.

Tags:

No tags.

JikGuard.com, a high-tech security service provider focusing on game protection and anti-cheat, is committed to helping game companies solve the problem of cheats and hacks, and providing deeply integrated encryption protection solutions for games.

Explore Features>>

Top

None
Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown
June 2, 2025
None
#Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in ‘Operation 999’
June 2, 2025
None
Cryptojacking Campaign Targets DevOps Servers Including Nomad
June 2, 2025
None
Sophisticated Malware Campaign Targets Windows and Linux Systems
June 2, 2025
None
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
June 2, 2025

Tags

Featured BlogsTop StoriesLayoffsBlogsCultureUbisoftGenerative AIFeaturesGDC 2024UnityValveHorror GamesStaff BlogOmdia | Game Industry AnalysisGame Developer EssentialsState of the Game Industry ReportGame Developer's 2024 Wrap-Up: Top Games Devs and TrendsGame Developer CollectiveAudioDesignerSpotlight SeriesDeep DivesRootunity encryption[Company] UnityArtist[Company] Xbox[Company] PlayStationCooking GamesAnti-modifierGame SecurityRoot detectionAssetbundle encryptionGodotCareer adviceQ&A'sGameGuardianModifierAnti-RootSignature verificationUnity Hardeningab package encryptioniOS resource encryptionCECheat EngineAnti-CrackingGame Anti-HackingAnti-Hacking

Recent

None
Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown
June 2, 2025
None
#Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in ‘Operation 999’
June 2, 2025
None
Cryptojacking Campaign Targets DevOps Servers Including Nomad
June 2, 2025
None
Sophisticated Malware Campaign Targets Windows and Linux Systems
June 2, 2025
None
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
June 2, 2025
None
ZeniMax Workers United reaches tentative agreement with Microsoft
June 2, 2025
None
People Can Fly suspends two projects, announces layoffs
June 2, 2025
None
Wordfeud developer donates $50,000 to Norwegian games accelerator Spawn Point
June 2, 2025
None
Jobs roundup: June 2025 | Turborilla appoints John Wright as CEO
June 2, 2025
None
IGN Live reveals full schedule ahead of this weekend's event
June 2, 2025

Popular

None
Wizards of the Coast announces "exclusive publishing agreement" for Dungeons & Dragons games with Giant Skull
June 2, 2025
None
Former The Sims producer Tim LeTourneau has died
June 2, 2025
None
Tango Gameworks unveils new branding and confirms it's working on a new action game
June 2, 2025
None
6 Welsh game developers secure $1.1m Welsh Government funding to develop their pilots
June 2, 2025
None
Apple has less than 30 days to comply with the European Commission's DMA or face further penalties
June 2, 2025
None
Dutch Police Lead Shut Down of Counter AV Service AVCheck
June 1, 2025
None
Jingle Jam raises £2.7 million after impressive 2024 fundraising event
May 30, 2025
None
Flashbulb Games makes cuts as unannounced project cancelled
May 30, 2025
None
Investigation claims "network of illegal casinos" lets children gamble with their Roblox account details
May 30, 2025
None
Catly dev "surprised" at AI speculation - "we don't think there are AI tools that could produce that"
May 30, 2025

Random

None
Apple has less than 30 days to comply with the European Commission's DMA or face further penalties
June 2, 2025
None
Nitro-powered growth: Rising opportunities in the game resource ecosystem
May 30, 2025
None
6 Welsh game developers secure $1.1m Welsh Government funding to develop their pilots
June 2, 2025
None
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
June 2, 2025
None
Jingle Jam raises £2.7 million after impressive 2024 fundraising event
May 30, 2025
None
Dutch Police Lead Shut Down of Counter AV Service AVCheck
June 1, 2025
None
Switch 2 (finally), GTA 6 to dominate, AI in game dev (again): Analysts predictions for 2025
May 30, 2025
None
Australian games sector employment "steady" as industry generates $211.9m in 2024
May 30, 2025
None
People Can Fly suspends two projects, announces layoffs
June 2, 2025
None
James Wan is adapting indie horror Pacific Drive for TV
May 30, 2025

Most Views

None
Twitch watch time broadly stable in 2024 at 18.9bn hours
May 30, 2025
None
Tencent directors step down from Epic Games' board after US Justice Department "expressed concerns"
May 30, 2025
None
Hothead Games shuts down
May 30, 2025
None
Aonic secures over €150m in funding
May 30, 2025
None
2024 in Review | GI Microcast
May 30, 2025
None
AIAS to honor Nintendo of America veteran Don James
May 30, 2025
None
Switch 2 (finally), GTA 6 to dominate, AI in game dev (again): Analysts predictions for 2025
May 30, 2025
None
Amazon renews Secret Level for a season 2
May 30, 2025
None
DFC: Nintendo Switch 2 will be "the clear winner" of next-gen consoles
May 30, 2025
None
Neurodiversity in the game industry: unlocking hidden talents | HR Summit Video
May 30, 2025