16

So, anybody aware of this? Does anybody know what the vulnerability is?

Comments
  • 2
    Didn’t a similar thing happen a while ago where you could do view as and read that persons messages?
  • 3
    ok, that is bad timing, I am currently in the 2 week cool down time after clicking on "delete my account"...
  • 0
    @irene Funny, but I really wanted the technical details ;D
  • 0
  • 0
    Social engineering, ergo stupid human beings
  • 1
    The vulnerability was that Facebook has a feature called "View-as". Which, as the name suggests, allows you to view a person's profile as that person or any other person. While this is harmless in theory, things can get super messy if you don't have a good set of security rules, as with anything.
  • 3
    The access tokens were public due to a Facebook bug. Those tokens make that you don't have to re-login on your account everywhere all the goddamn time.
  • 0
    @bigus-dickus but nothing happened
Add Comment