Facebook Flaws Exposed Friend Lists, Payment Card Data

A researcher last year discovered some information disclosure vulnerabilities in Facebook that exposed users’ friend lists and partial payment card information. The social media giant patched one of the flaws within hours.

Web security consultant Josip Franjković had been analyzing the Facebook application for Android when he identified a flaw that allowed him to obtain any user’s list of friends via a specially crafted request.

Facebook users can prevent others from seeing their friends, but the vulnerability discovered by Franjković could have been exploited to obtain this information regardless of the targeted user’s privacy settings.

GraphQL is an open source data query language designed by Facebook for its mobile applications. GraphQL queries can only be used for Facebook’s own applications—only whitelisted query IDs are allowed—and they require an access token.

Franjković discovered that he could use the client token from the Facebook app for Android, and he could...(continued)
