Facebook security snafu could compromise accounts

Hackers could take control of user accounts

A researcher has spotted a security problem in Facebook that could lead to hackers taking control of user accounts.

The flaw allows a hacker to execute scripts on Facebook, which could potentially be used to create a fake log-in page and capture people's passwords, according to the XSSED security blog. The discovery is credited to "Mox".

"Malicious people can exploit this issue to execute script code in the context of Facebook or obtain sensitive information from its users, such us clear text authentication credentials with a fake login form," according to the blog post, written by Dimitris Pagkalos.

A cross-site scripting vulnerability can let an attacker display data from another website or run malicious code, which can compromise user data on the targeted website.

Cross-site scripting flaws are increasingly becoming one of the favoured vectors for hackers, and security experts have warned that a vast number of websites potentially contain the vulnerability. In 2006, the Web Application Security Consortium surveyed 31,373 sites and found that 85.57% were vulnerable to cross-site scripting attacks.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityFacebookSecurity ID

Show Comments