Facebook is again the victim of a security breach. It was necessary to wait six years and more than 400 million registered members for the vulnerabilities of social network to be finally unveiled. The site has fixed a flaw in its website customization system based on the Open graph. It allowed to retrieve location data of a user.
A closer look and we find that the fault was based in an option of using the Facebook site for Internet Yelp recommendations. Techcrunch says that Yelp is one of three sites chosen by Facebook to test its function of "instant custom" with Pandora and Docs.com. Therefore, if a user connects to one of these sites, Facebook provides a way encrypted personal data so that his visit is personalized.
However, malicious code could be injected via the method of cross-site scripting. All this information prior Figures were visible to an attacker. It was even possible to recover the encryption key and thus benefit from all the information on the Internet.
Still, if the fault has been corrected in less than two hours, it leaves a gaping doubt about the capabilities of Facebook to preserve the identities of Internet users. It should be noted that the site of Mark Zuckerberg is destined to share the email addresses of its users to third party sites. It could be that companies wish to eventually use this valuable information. Unless a wave of unsubscriptions're right social network ...