Massive Security Breach Found on Facebook and MySpace

CYBERSPACE — A developer has discovered a massive flaw in the security of both Facebook and MySpace that leaves users on both social networking sites vulnerable to massive identity theft and fraud.

The developer, Yvo Schaap, discovered the vulnerability, which works by taking advantage of how the two sites remember users' login information and use that information to activate certain Flash apps. Specifically, if a user checks the "remember me" box in the login modules of either site, and then use a Flash app that makes use of their login information, those actions would make their login information vulnerable to a hacker.

That basic problem could give hackers the power to build malicious Flash apps that could harvest users' other personal information, account numbers, photos, messages and everything else posted on either of the two sites.

Schaap emailed administrators at both sites. MySpace resolved the problem first, while Facebook followed close behind. That's the good news.

The bad news is that this vulnerability has been around for months, which means that any number of users may have had their information harvested.

Facebook has launched an investigation into the origin of the bug.

"The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it," a representative for Facebook said. "We have not received any reports that it was ever exploited."

Tech analyst Jason Kincaid of TechCrunch.com criticized both sites for their lax security standards, but he saved his harshest words for Facebook

"Facebook is no longer just a platform for learning about your college buddies — it’s a serious business, used for photos and messages that can be very sensitive," he said. "I’ve heard of journalists who regularly use Facebook to reach out to potential sources, when secrecy is of the utmost importance. Apparently that’s not a good idea."

Tech-savvy developers may want to read Schaap's full description of the vulnerability, which apparently takes advantage of an imperfection in the programming of a file called "crossdomain.xml."

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

JustFor.fans Launches BlueSky Autoposting Feature

JustFor.fans has launched a new BlueSky autoposting feature that shares JFF posts on the social media platform.

Pineapple Support Introduces 'Sacred Rage' Support Group for Performers, Creators

Pineapple Support will host a free online support group for performers and creators, designed for individuals struggling with intense emotions and the pain often hidden behind their anger.

Kansas Attorneys Seek Plaintiffs to Sue Adult Companies Over Age Verification

The Free Speech Coalition (FSC) has released a statement warning that a personal injury law firm in Kansas is soliciting plaintiffs to sue adult companies over the state's age verification

Ukrainian Parliament Registers Bill to Decriminalize Porn

Ukraine's parliament, the Verkhovna Rada, registered a bill today to decriminalize the creation and distribution of pornography.

Cherie DeVille Guests on 'Sex Tales' Podcast

2023 XBIZ Performer of the Year Cherie DeVille is the latest guest on the "Sex Tales" podcast, hosted by Melissa Stratton and Vanniall, streaming on the company’s “Camming Life” YouTube channel.

Niki Media Acquires BritSexCash

Production studio Niki Media BV has acquired affiliate program BritSexCash.

FSC Warns of Nude Photography Site Falsely Claiming Affiliation With Organization

Free Speech Coalition (FSC) published a statement Friday warning of a nude art photography website fraudulently claiming to be associated with the industry trade organization.

MojoHost Reaffirms Commitment to Adult Industry Amid Project 2025 Implications

In the wake of Tuesday’s election and concerns about Project 2025’s potential ramifications, MojoHost President Brad Mitchell has released a statement affirming its commitment to the adult industry.

Adult Web Hosting Service 'Midnight-Host' Launches

Midnight-Host, a new web hosting service specifically for adult websites, has launched.

ASN Lifestyle Magazine Joins Pineapple Support as Media Sponsor

ASN Lifestyle Magazine has joined the ranks of over 60 adult businesses and organizations committing funds and resources to Pineapple Support, partnering with the organization as a media sponsor.

Show More