Vulnerability Makes All Facebook Accounts Exposed

New Vulnerability has been discovered in facebook that allows an attacker to obtain all users credential on the social network website. By having the email address an attacker can get the name and pictures of victims.

The vulnerability can works regardless of the account privacy settings, this mean that even if your account hidden from all search engines it is possible to have the sensitive information.

The result of gathered information can be used for phishing attacks or any other issue.

According to the researchers if someone has a list of email address that he has no clue about. He can feed them to Facebook one by one (or in a list, using a script like this) and chances are that he’ll get more than 50% hits. Useful for phishing attacks (People will get more convinced when they see their *real* names).

Or an attacker can randomly generate email addresses and create a database with user’s names and pictures, which mean that you have no privacy and your information, can be easily found.
Update :
Facebook, in a statement sent to SCMagazineUS.com on Thursday, said the glitch has been fixed.

“We have technical systems in place to prevent people’s names and profile photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended,” Facebook said in a statement. “We remedied the situation swiftly.”

make sure you subscribe to my RSS feed!

Share
  • Pingback: SecureArabia

  • Pingback: Tweets that mention Vulnerability Makes All Facebook Accounts Exposed | SecTechno -- Topsy.com

  • Pingback: Christos Ventouris

  • Pingback: Cyber Informer

  • Pingback: Win Security

  • Pingback: A. Vanderslyke

  • Pingback: Mourad Ben Lakhoua

  • Pingback: Eric Seguinard 

  • Pingback: Lee

  • Pingback: Kristen S

  • Pingback: Joe Bishop

  • Hypnosis gold coast

    Students thwart Facebook threat
    Indiana Daily Student – Claire Aronson – ‎7 hours ago‎
    The vulnerability affects any user with a valid Facebook account, because the user loses anonymity and privacy to any website, Wang said. …
    Facebook rogue application toolkits available for only $25
    SC Magazine UK – Dan Raywood – ‎41 minutes ago‎
    A rogue application that allows cyber criminals to access Facebook accounts for only $25 (£15) has been detected. For the price of a few CDs, …
    Sify
    Facebook bug that allows personal data access, phishing repaired
    Sify – ‎Feb 5, 2011‎
    Washington: A Facebook security threat that would allow anyone to access your personal data has been repaired by the company. The vulnerability was …
    eWEEK Europe UK
    Facebook plugs gnarly authentication flaw
    Register – John Leyden – ‎Feb 2, 2011‎
    The vulnerability only worked if a user had visited a malicious web while logged into Facebook and only in social network profiles that allow applications …
    New Facebook vulnerability patched Computerworld
    Facebook pounces to patch personal data security hole Inquirer
    Facebook bug allows user data theft via specially crafted websites Help Net Security
    V3.co.uk – Naked Security
    all 14 news articles »
    Email this story
    Experts renew call for greater Facebook security
    ZDNet Asia – Tyler Thia – ‎Feb 7, 2011‎
    While Facebook is far from facing a security crisis, Abrams said its users remain “the biggest unsolved vulnerability which Facebook falls flat on its face” …
    Online scams the most lucrative: Cops
    Canada.com – Lori Culbert – ‎Feb 9, 2011‎
    Canadians are vulnerable Internet prey: Forty per cent of adults shop online, 13 million have Facebook accounts, another 3.5 million have Twitter accounts, …
    At Facebook, defense is offense
    CNET – Elinor Mills – ‎Jan 31, 2011‎
    These are the risks of having a data presence on Facebook, all it takes is one vulnerability and your personal data is out. Once its out, its out for anyone …
    Inside the minds of Facebook security ZDNet Australia
    all 9 news articles »
    Email this story
    Price of a Facebook malware toolkit falls to just $25.00
    Infosecurity Magazine – ‎18 hours ago‎
    Only now are they realising how sophisticated hackers are and as result, beginning to consider the vulnerability of apps”, he added.
    Once Upon A Time, There Was A USB Vulnerability In Linux
    Muktware (blog) – Neil Richards – ‎21 hours ago‎
    You can win a Dell Mini Netbook, check out our Cult of Ubuntu Writing Contest. Like the “hottest” Open Source Facebook page Facebook and follow us on …
    Social engineering: 3 examples of human hacking
    Computerworld – Joan Goodchild – ‎2 hours ago‎
    Takeaway 2: It is often the person who thinks he is most secure who poses the biggest vulnerability. One security consultant recently told CSO that …

    * Create an email alert for Vulnerability Makes All Facebook Accounts
    * Add a custom section for Vulnerability Makes All Facebook Accounts to Google News
    * Add a news gadget for Vulnerability Makes All Facebook Accounts to your Google homepage

  • OmayaBoubaker

    j’aime 

  • http://sectechno.com Mourad

    Thanks for commenting and glad that you like the post!

  • Manov rao

    I don’t beleive in facebook privacy.