Terrifying Facebook security flaw lets hacker access anyone’s page

facebook lockIs Facebook secure? We questions the site’s security constantly, but no matter how many times evidence hints that the answer is a big fat “NO,” we keep coming back.

So there probably won’t be much fallout from the most recent Facebook security flaw discovery, even though Web application security specialist Nir Goldshlager figured how to hack into all of your Facebook pages. That’s right. Everyone. You. Me. Your grandma. Your high school friend who always posts uninformed political commentary.

Goldshlager investigated a weakness he found in Facebook’s OAuth system, and wrote about what the gaping security hole on his personal blog. In brief, he exploited an app authorization security flaw that easily gave him full access to Facebook user pages, even when users did not have installed apps on their account.

fb security

As Goldshlager described it, “there are built-in Applications in Facebook that users never need to accept.” So even if you studiously avoid giving third-party apps permission to access your account, Facebook’s pre-installed applications (like Facebook Messenger) exposed users to the same vulnerability.

After reporting the problem to Facebook, the company awarded him its “White Hat” for security contributions. It also promptly fixed the bug.

Goldshlager exposes security flaws for a living, so if you’re worried about your nosy aunt hacking her way into your Facebook account, these flaws are too hidden for the average Facebook user to figure out. But even semi-sophisticated hackers could find similar holes and use them to hunt for personal information in private messages, leading to identity theft or widespread malware installation.

While the security issue has been fixed, we can’t blame anyone who’s a bit shaken up by the privacy and security failures of social networks. So if all this freaks you out too much, check out our guide to deleting your Facebook permanently.

[photo credit: Nick Carter via Flickr]

Social Media

Facebook is rolling out a Messenger ‘unsend’ feature, and here’s how to use it

Facebook is starting to roll out a "remove message" feature for its Messenger app. It lets you delete a message in a thread within 10 minutes of sending it, and replaces it with a note telling recipients that it's been removed.
Social Media

Going incognito: Here's how to appear offline on Facebook

How do you make sure your friends and family can't see if you're on Facebook, even if you are? Here, we'll show you how to turn off your active status on three different platforms, so you can browse Facebook without anyone knowing.
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step-by-step, whether you're running a MacOS or Windows machine.
Web

Data stolen from HealthCare.gov includes partial SSNs and immigration status

Around 75,000 users have had their user data stolen from government site healthcare.gov, including information on their immigration status, whether they were pregnant, and partial social security numbers.
Social Media

Dine and dash(board): Make a Yelp reservation from your car’s control panel

Already in the car, but can't decide where to eat? Yelp Reservations can now be added to some dashboard touchscreens. Yelp Reservations searches for restaurants within 25 miles of the vehicle's location.
Computing

Hackers sold 120 million private Facebook messages, report says

Up to 120 million private Facebook messages were being sold online by hackers this fall. The breach was first discovered in September and the messages were obtained through unnamed rogue browser extensions. 
Social Media

Facebook opens pop-up stores at Macy’s, but they’re not selling the Portal

Facebook has opened pop-up stores at multiple Macy's, though they're not selling Facebook's new Portal device. Instead, they're showcasing small businesses and brands that are already popular on Facebook and Instagram.
Web

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. You're in luck -- we've gathered 23 of the best subreddits to help…
Social Media

Facebook Messenger will soon let you delete sent messages

A feature coming to Facebook Messenger will let you delete a message for up to 10 minutes after you send it. The company promised the feature months ago and this week said it really is on its way ... "soon."
Social Media

Pinterest brings followed content front and center with full-width Pin format

Want to see Pinterest recommendations, or just Pins from followed users? Now Pinners can choose with a Pinterest Following feed update. The secondary feed eliminates recommendation and is (almost) chronological.
Smart Home

Facebook's Alexa-enabled video-calling devices begin shipping

Facebook's Portal devices are video smart speakers with Alexa voice assistants built in that allow you to make calls. The 15-inch Portal+ model features a pivoting camera that follows you around the room as you speak.
Social Media

Vine fans, your favorite video-looping app is coming back as Byte

Vine fans were left disappointed in 2017 when its owner, Twitter, pulled the plug on the video-looping app. But now one of its co-founders has promised that a new version of the app, called Byte, is coming soon.
News

Social media use increases depression and anxiety, experiment shows

A study has shown for the first time a causal link between social media use and lower rates of well-being. Students who limited their social media usage to 30 minutes a day showed significant decreases in anxiety and fear of missing out.
Social Media

Twitter boss hints that an edit button for tweets may finally be on its way

Twitter has been talking for years about launching an edit button for tweets, but it still hasn't landed. This week, company boss Jack Dorsey addressed the matter again, describing a quick-edit button as "achievable."