Facebook Code Update Gone Wrong Exposes Anonymous Admins
Recently Facebook encountered quite a bug crisis, as a bad code update going live on the night of 10th January apparently prompted the exposure of the mysterious anonymous of admins and many known personalities for a few hours.
All it took to exploit' the bug was opening a target page and checking specifically the edit history of a post and Facebook erroneously showed the account or accounts that made those edits to each post, as opposed to simply displaying the edits themselves.
In spite of the fact that Facebook immediately pushed a fix for this flaw, yet it wasn't quick than the word that had already got around on message boards like 4chan, where users posted screen captures that 'doxed' the accounts behind prominent and rather well-known pages.
Saying that it was the aftereffect of a code update, the social media giant, exposed the accounts behind the official Facebook Pages of the 'pseudonymous' artist Banksy, Russian President Vladimir Putin, former US secretary of state Hillary Clinton, Canadian Prime Minister Justin Trudeau alongside the Climate activist Greta Thunberg, and rapper Snoop Dogg, among others.
No data past a name and public profile link was accessible; however, for those admins running anti-regime pages under 'a repressive government', even this much public exposure is also extremely alarming.
After a series of privacy and security indiscretions, Facebook has concentrated explicitly on building out its protections and has additionally been relentlessly growing its bug bounty, which has encouraged researchers, just like the person who discovered the edit history bug, to submit security flaw for potential rewards in the future.
As ambitious upgrades like these require some serious effort and time and no absolutely no amount of added security can change the major risks that go with amassing the information of 2.5 billion individuals.
Lukasz Olejnik, an independent privacy adviser and research associate at Oxford University's Center for Technology and Global Affairs says, "For sensitive pages, I would not rule out that some people may be feeling that they are in danger due to what happened today, using fake accounts to run pages would have been a good idea. Some could see it as a paranoid way of hiding, but it's not."
Further adding, "People who run sensitive Pages from their own Facebook should now consider that their identity may be known, while mistakes happen, this one is unexpected."
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/35XpdRE
Comments
Post a Comment