According to a recently exposed by the security researcher Stephen Sclafani, the primary email address you submit to Facebook upon accession until recently was available for spammers and hackers via a rather glaring flaw in the invitation process. After receiving an email invitation from a friend to join them on the largest social networking site in the world, advanced users can change a part of the URL invite to reveal the address e- mail this person. The URL contains two parameters, "re" and "mi" and changing it, the user's email address was open to exploitation.
This practice would have only exposed the email address of the person if it had sent an invitation in the first place. However, The Hacker News reports that the security flaw has greater consequences when combined with easy access to the popular Facebook directory Facebook and digital ID database via the Graph API. With every digital user ID in hand, they could have then used this information to change the initial email invite URL, revealing the personal email addresses of each user. In short, they could theoretically have to download and store the email addresses of one billion Facebook users, and then use this information to send targeted spam emails, install malicious software or worse.
rather than exploiting this gaping hole in the defenses of the social network, Stephen Sclafani reported the problem to the Facebook security team on March 22. After being informed of the matter, they were able to fix the flaw in their armor within 24 hours of the show to come to light. Facebook also rewarded Sclafani with a price of $ 3,500 as part of their Bug Bounty program, a relatively small sum, considering what was at stake.
If you have concerns about your online security, you can enhance your Internet connection using a VPN service. The VPN acts as a layer of protection between the data stored on your device and all external groups trying to access it.
0 Komentar