Terrifying Facebook security flaw lets hacker access anyone’s page

Is Facebook secure? We question the site’s security constantly, but no matter how many times evidence hints that the answer is a big fat “NO,” we keep coming back.

So there probably won’t be much fallout from the most recent Facebook security flaw discovery, even though Web application security specialist Nir Goldshlager figured out how to hack into all of your Facebook pages. That’s right. Everyone. You. Me. Your grandma. Your high school friend who always posts uninformed political commentary.

Goldshlager investigated a weakness he found in Facebook’s OAuth system, and wrote about the gaping security hole on his personal blog. In brief, he exploited an app authorization security flaw that easily gave him full access to Facebook user pages, even when users did not have apps installed on their account.

As Goldshlager described it, “there are built-in Applications in Facebook that users never need to accept.” So even if you studiously avoid giving third-party apps permission to access your account, Facebook’s pre-installed applications (like Facebook Messenger) exposed users to the same vulnerability.

After he reported the problem to Facebook, the company awarded him its “White Hat” for security contributions. It also promptly fixed the bug.

Goldshlager exposes security flaws for a living, so if you’re worried about your nosy aunt hacking her way into your Facebook account, these flaws are too hidden for the average Facebook user to figure out. But even semi-sophisticated hackers could find similar holes and use them to hunt for personal information in private messages, leading to identity theft or widespread malware installation.

While the security issue has been fixed, we can’t blame anyone who’s a bit shaken up by the privacy and security failures of social networks. So if all this freaks you out too much, check out our guide to deleting your Facebook permanently.

[photo credit: Nick Carter via Flickr]
