
Terrifying Facebook security flaw lets hacker access anyone’s page

Is Facebook secure? We question the site’s security constantly, but no matter how many times evidence hints that the answer is a big fat “NO,” we keep coming back.

So there probably won’t be much fallout from the most recent Facebook security flaw discovery, even though Web application security specialist Nir Goldshlager figured out how to hack into all of your Facebook pages. That’s right. Everyone. You. Me. Your grandma. Your high school friend who always posts uninformed political commentary.

Goldshlager investigated a weakness he found in Facebook’s OAuth system, and wrote about the gaping security hole on his personal blog. In brief, he exploited an app authorization security flaw that easily gave him full access to Facebook user pages, even when users did not have apps installed on their accounts.

As Goldshlager described it, “there are built-in Applications in Facebook that users never need to accept.” So even if you studiously avoid giving third-party apps permission to access your account, Facebook’s pre-installed applications (like Facebook Messenger) exposed users to the same vulnerability.

After Goldshlager reported the problem to Facebook, the company awarded him its “White Hat” for security contributions. It also promptly fixed the bug.

Goldshlager exposes security flaws for a living, so if you’re worried about your nosy aunt hacking her way into your Facebook account, these flaws are too hidden for the average Facebook user to figure out. But even semi-sophisticated hackers could find similar holes and use them to hunt for personal information in private messages, leading to identity theft or widespread malware installation.

While the security issue has been fixed, we can’t blame anyone who’s a bit shaken up by the privacy and security failures of social networks. So if all this freaks you out too much, check out our guide to deleting your Facebook permanently.

[photo credit: Nick Carter via Flickr]
