Click For Photo: https://cnet3.cbsistatic.com/img/WBFYTXTJnjPWeBXtccFmR745H80=/724x407/2018/05/01/85169f31-d09b-4e7a-9ab0-850efcefb080/facebook-f8-mark-zuckerberg-data-privacy-2018-0218.jpg
Facebook CEO Mark Zuckerberg discussing data privacy at F8.
Your Facebook "Likes," posts and friends were exposed from a vulnerability that the social network recently fixed.
Vulnerability - Request - Forgery - CSRF - Attacks
The vulnerability uses cross-site request forgery (CSRF) attacks, which tricks pages into performing tasks they're not supposed to, combined with access to an account already logged in. The security flaw is tied to Facebook on Google's Chrome browser, which accounts for more than 60 percent of browsers used online. Google did not immediately respond to a request for comment.
Imperva, a cybersecurity company, discovered the flaw and disclosed it to Facebook in May. The social network did not respond to a request for comment.
Attack - Hacker - Person - Facebook - Website
For the attack to work, a potential hacker would have to trick a person logged into Facebook into opening up a malicious website, which Imperva's researchers set up during their analysis.
Once a person clicks anywhere on the website, the vulnerability would use iFrames -- code used to embed content on pages like YouTube videos -- to open a new tab with Facebook's search page.
Attacker - Searches - Information - Friends - Friends
From there, the attacker could have created searches to look for personal information -- to view your friends, what pages you've liked, and what pages your friends liked.
Ron Masas, a security researcher at Imperva, noted that you could craft the searches to be more specific, like if you wanted to check on the person's friends based on location, name, religion, or any combination.
(Excerpt) Read more at: CNET
Wake Up To Breaking News!