Cybercriminals have been proactive in exploiting security flaws on social media sites. Facebook has suffered numerous breaches. While developers face the constant challenge of innovating and enhancing user experience, attackers work round the clock, exploring websites to find vulnerabilities.
Recently, information security researchers at Indiana University discovered a security flaw in Facebook that enables attackers to access confidential information without user consent. The flaw is associated with the Facebook platform code, which allows other websites to gain access to basic information related to Facebook members. For instance, researchers observed that Facebook allows bing.com to access any Facebook member's basic information, such as name, gender and other personal information. Several other websites have additional permissions to post content on users' behalf. Attackers may create sites that imitate the websites which have permission to access user information. Once they gain access to a user account by faking permissions, they may extract users' sensitive personal information or post fake and derogatory messages on behalf of a legitimate user. The stolen information may be used to create fake social media accounts or to contact the user's friends while impersonating a Facebook member. The security flaw therefore poses an information security risk for users. Attackers may also place malicious links on the account.
Information security professionals at Facebook have mitigated the security flaw. Usually, developers use ethical hacking to identify security holes. In this case, the vulnerability was identified by Rui Wang and Zhou Li.
Developers and product vendors are now encouraging security researchers to identify vulnerabilities in websites, web applications and security products so that corrective action can be initiated before cybercriminals exploit them.
Users must change their privacy settings to allow only their legitimate friends and relatives to view their personal information. Developers of social media sites must ensure data security, integrity and confidentiality for continued use of the innovative platform for social interaction and communication.