120 Million Users' Facebook Data Exposed

Facebook is a popular free social networking website that allows registered users to create profiles, upload photos and video, send messages and keep in touch with friends, family, and colleagues.

People are still getting over the most controversial data scandal of the year, i.e., the Cambridge Analytica scandal, and Facebook is under fire once more after it emerged that a popular quiz app on the social media platform exposed the private data of up to 120 million users for quite a long time.

Facebook was embroiled in controversy not long ago over a quiz app that sold data of 87 million users to a political consultancy firm, which reportedly helped Donald Trump win the US presidency in 2016.

Now, a different third-party quiz app, called NameTests, has been found exposing data of up to 120 million Facebook users to anyone who happened to find it, an ethical hacker revealed.

NameTests[.]com, the website behind popular social quizzes like “Which Disney Princess Are You?” that has around 120 million monthly users, uses Facebook’s app platform to offer a fast way to sign up.

Just like any other Facebook app, signing up on the NameTests website using their app allows the company to fetch necessary information about your profile from Facebook, with consent naturally.

Hacker View:

However, Inti De Ceukelaire, a bug bounty hunter and hacker, found that the popular quiz website was leaking logged-in users' details to other websites opened in the same browser, allowing any malicious website to obtain that data easily.

In a Medium post published yesterday, Ceukelaire said he jumped at the chance to take part in the Data Abuse Bounty Program that Facebook recently launched in the wake of the Cambridge Analytica scandal. So he began looking at the apps his friends on Facebook had installed.

Further Explained:

Ceukelaire then decided to take his first quiz through the NameTests app, and as he began looking into the quiz process, he noticed that the website was fetching his personal information from “http://nametests[.]com/appconfig_user” and displaying it on its website.

Ceukelaire was shocked when he saw his personal data in a JavaScript file that could easily be accessed by virtually any website that requested it.

What can they do?

This website can leak your photos, your friends' information, your whole personal information and everything that is connected to your Facebook account.

This issue was due to a simple yet severe flaw in the NameTests website that appears to have existed since the end of 2016.

Storing user data in a JavaScript file caused the website to leak data to other websites, which is otherwise not possible due to the browser’s Cross-Origin Resource Sharing (CORS) policy that prevents a website from reading the content of other websites without their explicit permission. A JavaScript file is different: any page can include it with a script tag, and the browser sends the user's cookies with that request, so the data in the file ends up inside the including page.

As a proof of concept, Ceukelaire developed a malicious website that would connect to NameTests to mine the data of visitors using the app. Using a simple bit of code, he was able to harvest the names, photos, posts, pictures, and friends lists of anyone taking part in the quiz.
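The flaw described above next to one way to close it, as an added example that is not from the original post or from NameTests' code. The handlers, the `appConfigUser` variable name and the sample session are constructed for illustration; the hardened version relies on the browser's Fetch Metadata request headers.

```javascript
// Added example, constructed: requests are plain objects { headers, session }.

// Vulnerable pattern described above: the logged-in user's data is emitted as
// executable JavaScript, keyed only on the session cookie.
function vulnerableHandler(req) {
  if (!req.session) return { status: 401, headers: {}, body: "" };
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: "var appConfigUser = " + JSON.stringify(req.session.user) + ";",
  };
}

// Hardened form: data-only JSON, refused for script loads and cross-site
// requests (Fetch Metadata headers), and marked non-sniffable and same-origin.
function hardenedHandler(req) {
  const h = req.headers || {};
  if (!req.session) return { status: 401, headers: {}, body: "" };
  const site = h["sec-fetch-site"];
  const crossSite = site !== undefined && site !== "same-origin" && site !== "none";
  if (crossSite || h["sec-fetch-dest"] === "script") {
    return { status: 403, headers: {}, body: "" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "Cross-Origin-Resource-Policy": "same-origin",
      "Cache-Control": "no-store",
    },
    body: JSON.stringify(req.session.user),
  };
}

// Constructed sample requests: the same logged-in session reached from the
// site's own page (fetch) and from a <script> tag on another site.
const session = { user: { name: "Alice Example", friends: ["Bob Example"] } };
const ownPage = { session, headers: { "sec-fetch-site": "same-origin", "sec-fetch-dest": "empty" } };
const foreignScript = { session, headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "script" } };

function compare() {
  return {
    vulnerableForeign: vulnerableHandler(foreignScript).status,
    hardenedForeign: hardenedHandler(foreignScript).status,
    hardenedOwn: hardenedHandler(ownPage).status,
  };
}
console.log(compare());
```

For browsers that do not send Fetch Metadata headers, the JSON content type together with `nosniff` still stops the response from being executed as a script.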

 

Facebook company review:

On 27th June, Facebook contacted Ceukelaire and informed him that NameTests had fixed the issue, and at his request, donated $8,000 to the Freedom of the Press Foundation as part of its Data Abuse Bounty Program.

NameTests website Page Response:

Insights from Germany show that the website's page response traffic is very fast, and the German social company behind the NameTests website claims to have more than 250 million registered users and to have reached more than 3 billion page views per month.
