Hacker Exposes Security Flaw That Gives Full Access To Facebook Profiles

When you see a headline about a hacker gaining access to strangers' Facebook accounts, you immediately assume the worst. In the case of Nir Goldshlager, however, the hacker turned out to be a white hat.

When the web developer stumbled upon the flaw in Facebook's security, he did the right thing: he reported it to the social network and withheld his write-up until the problem had been fixed.

Writing on his Web Application Security Blog on Saturday, Goldshlager described how he was able to manipulate Facebook's OAuth service, the mechanism through which third-party apps request permissions to act on a user's behalf, into granting him full access to other people's accounts, including their inboxes, private photos and videos.

You can read more about the specifics of the Facebook security flaw on Mashable, and also on Goldshlager’s blog.

Facebook was fortunate that the person who found this flaw reported it. Had someone with more malicious intent discovered the same route into strangers' accounts, the consequences could have been severe.

First there is the privacy issue: what damage could someone do with access to all of your private messages? Even if there is nothing incriminating in them, the thought of a stranger reading your messages and browsing your photos is uncomfortable enough, before you consider the potential for identity theft and fraud.

And then there is the possibility that they delete your content. It is not clear whether this particular flaw allowed an attacker to delete anything, but it is always worth backing up data that is stored online. Bear in mind that a backup protects you against loss, not against disclosure: once private messages have been read by an attacker, no copy can take that back. If you are looking for a way to download the content from your social network accounts for safe keeping, create your library of you with SocialSafe, the offline backup tool for your online content.
