Facebook 'login hole'

Infosec biz Bitdefender says Facebook has patched a bug it found that potentially allowed miscreants to log into websites as other people.

A hacker could create a Facebook account using an email address belonging to a victim and then, at the right moment, change the address to one the hacker controls in order to complete the step that verifies the contact details are correct. The new Facebook account remains associated with the victim's email address, and can be used to sign in to a website as the victim if the victim has an account on that site tied to that email address.

In a word: weird. The flaw was, we're told, discovered and reported by Bitdefender's Ionut Cernica, and fixed by Facebook. ®
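The website's side of the scenario above, as an added example (not code from Bitdefender, Facebook or any site): a login handler that picks the local account from the email in a social-login assertion, next to one that matches only a provider user ID the account owner linked after authenticating. The class and function names, the assertion fields and the sample data are all assumptions constructed for illustration.

```python
# Added example: every name, field and value here is constructed for illustration.
from dataclasses import dataclass

@dataclass
class LocalAccount:
    email: str

class AccountStore:
    def __init__(self):
        self.by_email = {}      # email -> LocalAccount
        self.by_identity = {}   # (provider, provider_user_id) -> LocalAccount

    def register(self, email):
        acct = LocalAccount(email.lower())
        self.by_email[acct.email] = acct
        return acct

    def link_identity(self, acct, assertion, owner_authenticated):
        # Linking is allowed only after the owner proved control of the local
        # account (password, emailed confirmation link, existing session).
        if not owner_authenticated:
            raise PermissionError("authenticate locally before linking")
        self.by_identity[(assertion["provider"], assertion["user_id"])] = acct

def login_by_email(store, assertion):
    """Weak: the email in the assertion alone selects the local account."""
    return store.by_email.get(assertion["email"].lower())

def login_by_linked_id(store, assertion):
    """Hardened: match only a provider user ID linked earlier; ignore the email."""
    return store.by_identity.get((assertion["provider"], assertion["user_id"]))

def demo():
    store = AccountStore()
    victim = store.register("victim@example.com")
    owner = {"provider": "facebook", "user_id": "1001", "email": "victim@example.com"}
    store.link_identity(victim, owner, owner_authenticated=True)
    # A different provider account that carries the same email address.
    other = {"provider": "facebook", "user_id": "2002", "email": "victim@example.com"}
    return {
        "weak_other": login_by_email(store, other) is victim,
        "hard_other": login_by_linked_id(store, other) is None,
        "hard_owner": login_by_linked_id(store, owner) is victim,
    }

if __name__ == "__main__":
    print(demo())
```

With the hardened lookup, an unlinked provider account gets no session and has to go through the local linking step, which requires proof of control over the existing account.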
