Massive Security Breach Found on Facebook and MySpace

CYBERSPACE — A developer has discovered a massive flaw in the security of both Facebook and MySpace that leaves users on both social networking sites vulnerable to massive identity theft and fraud.

The developer, Yvo Schaap, discovered the vulnerability, which works by taking advantage of how the two sites remember users' login information and use that information to activate certain Flash apps. Specifically, if a user checks the "remember me" box in the login modules of either site, and then use a Flash app that makes use of their login information, those actions would make their login information vulnerable to a hacker.

That basic problem could give hackers the power to build malicious Flash apps that could harvest users' other personal information, account numbers, photos, messages and everything else posted on either of the two sites.

Schaap emailed administrators at both sites. MySpace resolved the problem first, while Facebook followed close behind. That's the good news.

The bad news is that this vulnerability has been around for months, which means that any number of users may have had their information harvested.

Facebook has launched an investigation into the origin of the bug.

"The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it," a representative for Facebook said. "We have not received any reports that it was ever exploited."

Tech analyst Jason Kincaid of TechCrunch.com criticized both sites for their lax security standards, but he saved his harshest words for Facebook

"Facebook is no longer just a platform for learning about your college buddies — it’s a serious business, used for photos and messages that can be very sensitive," he said. "I’ve heard of journalists who regularly use Facebook to reach out to potential sources, when secrecy is of the utmost importance. Apparently that’s not a good idea."

Tech-savvy developers may want to read Schaap's full description of the vulnerability, which apparently takes advantage of an imperfection in the programming of a file called "crossdomain.xml."

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Clip Page Launches 'Creator Analytics' Feature

Custom content marketplace Clip Page has launched the Creator Analytics feature on its platform.

BBWXXXAdventures Relaunches Through Grooby's Blue.xxx

Paysite BBWXXXAdventures has relaunched under Grooby's new website management company Blue.xxx.

Flirt4Free Announces 'Tease the Season' Holiday Contest

Flirt4Free has announced its Tease the Season promo and model contest, which will run Dec. 21-25.The competition is led by the return of the Snowflake Contest, where models can be gifted digital snowflakes by their fans. The models who collect the most snowflakes by 11:59 a.m. on Christmas Day will win cash prizes.

SWR Data Publishes 2024 'Top Creator Platforms' Report

Adult industry market research firm SWR Data has published a report on the Top Creator Platforms of 2024.

MintStars Joins Pineapple Support as Supporter-Level Sponsor

Content platform MintStars has joined the ranks of over 60 adult businesses and organizations committing funds and resources to Pineapple Support.

Politicians Aim to Study Effects of FOSTA-SESTA on Sex Workers

In an encouraging sign for sex workers, California State Representative Ro Khanna and U.S. Senator Elizabeth Warren of Massachusetts have reintroduced the SAFE SEX Workers Study Act, which aims to study the effects of FOSTA-SESTA.

Pornhub to Shut Down Access in Florida Over Age Verification

Aylo will geoblock Pornhub across Florida starting Jan. 1, when HB 3, the state's age verification law, goes into effect.

AEBN Publishes Popular Searches by Country for October, November

AEBN has released the list of popular searches from its straight and gay theaters by country in October and November.

Jacquie et Michel Acquired by 'International Fund'

French adult studio Jacquie et Michel has been acquired by an international fund, marking a significant development for the well-known brand.

YouPay Joins Pineapple Support as Sponsor, Introduces 'Permanent Donation' Feature

Australian gifting platform YouPay has joined the ranks of Pineapple Support’s partner-level sponsors.

Show More