Facebook has found itself engulfed in yet another hacking scandal, only this time, it’s scarier than a simple malware problem. A hacker has been able to exploit a major privacy flaw in the social networking giant’s OAuth permissions to access almost anyone’s private data. Security hacker Nir Goldshlager described his exploits in a blog post, detailing how he went about working through a flaw in the website. The OAuth permission crops up every time an application needs some or all of your information to run smoothly on Facebook. When you hit the ‘Allow’ button on the site, the application gets access to information like your name, your age, your location and more. The app can even seek permission to post on your timeline on your behalf.“I found a way in to get a full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos,etc..) over the victim account even without any installed apps on the victim's account,” Goldshlager revealed. “By exploiting this flaw I could steal unique access tokens that provides me full control over any Facebook account,” he wrote. Click here for full story
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
