Facebook has fixed a bug that could have been abused by someone looking to get their hands on the full names and photos of users.
Atul Agarwal of Secfence Technologies posted information about the issue to the Full Disclosure mailing list 11 August. If someone entered a user’s email address and the wrong password in the login page, the site coughed up the user’s full name and profile picture in addition to an incorrect password message.
The problem could have been exploited for social engineering purposes by phishers, or used to verify random email addresses by checking them against Facebook, Agarwal added.
In a statement, a Facebook spokesperson said the bug has been fixed, and added that the site’s policy prohibits anyone from scraping it for information.
“We have technical systems in place to prevent people’s names and profile photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended,” according to the spokesperson. “We remedied the situation swiftly.”
Earlier this year, Facebook revamped its privacy controls in response to criticism, and recently moved to extend those controls to users of the mobile version of the site.
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…