{"id":1187,"date":"2013-02-26T10:53:12","date_gmt":"2013-02-26T15:53:12","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1187"},"modified":"2013-02-26T10:53:12","modified_gmt":"2013-02-26T15:53:12","slug":"researcher-finds-flaw-that-grants-access-to-any-facebook-account","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/02\/26\/researcher-finds-flaw-that-grants-access-to-any-facebook-account\/","title":{"rendered":"Researcher finds flaw that grants access to any Facebook account"},"content":{"rendered":"<p>A security expert recently outlined steps on his blog that allowed him to gain unprecedented access to anyone\u2019s Facebook account. Nir Goldshlager said a flaw in Facebook\u2019s OAuth service, which is used to by developers to solicit permission from users to access data when using an app, granted full access to every Facebook account.<br \/>\nIf you use Facebook, you\u2019re already familiar with the OAuth service \u2013 it\u2019s that small \u201callow\u201d button you have to click to give a developer access to certain data. But by modifying the OAuth URL, Goldshlager was able to access the inbox, outbox, photos, videos and more of anyone he wanted.<br \/>\nTypically a person would still have to click the \u201callow\u201d button but by going through Facebook\u2019s messaging app, he was able to circumvent this step that worked on all browsers. The flaw would work until a user changed their password, he said, because the token had no expiration date.<br \/>\nInstead of exploiting the bug for his own personal gain, Goldshlager worked with Facebook\u2019s White Hat Program to get the vulnerability patched. The White Hat Program rewards security researchers that bring vulnerabilities to the social network\u2019s attention.<br \/>\nA spokesperson for Facebook said that due to the responsible reporting of the issue, there is no evidence that users were impacted by the bug. Facebook further said they provided a bounty to the researcher as thanks for their contribution although they didn\u2019t disclose the amount of the reward.<br \/>\nvia <a href=\"http:\/\/www.techspot.com\/news\/51749-researcher-finds-flaw-that-grants-access-to-any-facebook-account.html\" target=\"_blank\">Researcher finds flaw that grants access to any Facebook account &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security expert recently outlined steps on his blog that allowed him to gain unprecedented access to anyone\u2019s Facebook account. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,8],"tags":[347,455,850],"class_list":["post-1187","post","type-post","status-publish","format-standard","hentry","category-security","category-social-media","tag-facebook","tag-hacking","tag-privacy-flaw"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-j9","jetpack-related-posts":[{"id":9516,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/02\/03\/to-the-woodshed-with-you-this-week-in-tech-704\/","url_meta":{"origin":1187,"position":0},"title":"To the Woodshed With You! &#8211; This Week in Tech 704","author":"NCCT","date":"February 3, 2019","format":false,"excerpt":"https:\/\/youtu.be\/14UX3TQ0K3Q FaceTime Flaw, Apple Spanks Facebook and Google, Huawei Suspicions, FBI Wants Your DNA, and more. \u2022 How to Watch the Superbowl Commercials Without All That Annoying Football \u2022 Apple's Not So Horrible Quarterly Earnings \u2022 Facetime Flaw Dulls Apple's Privacy Shine \u2022 Apple Spanks Facebook and Google for Data\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/14UX3TQ0K3Q\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9511,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/01\/22\/millsplain-it-to-me-this-week-in-tech-702\/","url_meta":{"origin":1187,"position":1},"title":"Millsplain It to Me &#8211; This Week in Tech 702","author":"NCCT","date":"January 22, 2019","format":false,"excerpt":"https:\/\/youtu.be\/EtTfFJVBZ6s -Apple's Tim Cook Calls for Data Privacy. -773M Passwords Pwned - How to Find Out If Yours Was. -Amazon Tries to Make Alexa Sound \"Newsy.\" -Google Buys Fossil. -74% of Facebook Users are Clueless. -Facebook's 10 Year Challenge. -Atari Founder Making Alexa Board Games. -Stop Using Windows Phone! -Tokyo\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/EtTfFJVBZ6s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9518,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/02\/10\/between-the-buns-this-week-in-tech-705\/","url_meta":{"origin":1187,"position":2},"title":"Between the Buns &#8211; This Week in Tech 705","author":"NCCT","date":"February 10, 2019","format":false,"excerpt":"https:\/\/youtu.be\/KZ52Am221no Improving government websites, blocking the big five, Spotify\u2019s podcast move, and more. -- Alphabet Earnings: Google's Cost Per Click -- Cutting out Google, Apple, Amazon, Facebook, and Microsoft -- The US to Ban Huawei 5GTech -- Germany Outlaws Facebook's Business Model -- What if Google Just Doesn't Pay Its\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/KZ52Am221no\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9910,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/slap-and-flop-siri-ios-18-3-update-apple-music\/","url_meta":{"origin":1187,"position":3},"title":"Slap and Flop &#8211; Siri, iOS 18.3 Update, Apple Music","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/Xwqi58VczQ4 What's going on with Siri? iOS 18.3 update is out now, along with a fix to a zero-day flaw. You can buy iPhones on eBay with TikTok installed on them as TikTok is still not available for download on the App Store. And on January 27th, 2010, Steve Jobs\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Xwqi58VczQ4\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9434,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/19\/big-boy-easy-bake-oven-this-week-in-tech-693\/","url_meta":{"origin":1187,"position":4},"title":"Big Boy Easy Bake Oven &#8211; This Week in Tech 693","author":"NCCT","date":"November 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/UZTkCVjGjWQ - Facebook's latest crisis is... its reaction to its last crisis. - Waymo plans a driverless car service. - Amazon announces its new headquarters in Queens and North Virginia. - Google's \"smart city\" in Toronto gets some pushback. - Julian Assange has been charged with... something? - SpaceX gets\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/UZTkCVjGjWQ\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9930,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/fbi-says-toss-your-old-router\/","url_meta":{"origin":1187,"position":5},"title":"FBI Says Toss Your Old Router","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/scR199zRjvA On Security Now, Steve talks about the FBI's suggestion that we should be tossing out our old routers.","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/scR199zRjvA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1187"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1187\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}