Facebook has taken over the entire world, and stays at the top of the list of social networking sites. There are many social networking sites right now, but before Facebook there was just one. But Facebook doesn’t seem to face any issues with other such websites, which let you check your friends’ profiles, pictures, updates and all that. Now, it is also a great platform for business, and a major way to communicate and share. But the question is ‘How safe are you on Facebook?’
Just about eleven months ago, Vivek Bansal, an ethical hacker from India, exposed a serious bug on Facebook that let you post to anyone’s timeline without any permission, and he reported it to Facebook. The bug was serious and Vivek was awarded a bounty worth USD 2000. Facebook then replied to him saying that the bug was patched and that he was free to publish his discovery. So, everything seemed to be fine; he was in the spotlight of the Indian media and his story was published on YourStory. But here is what happened next.
He thought of trying the script again, the one he had developed to break Facebook’s security and which allowed him to post on behalf of someone to any other person’s timeline without permission. He found out that, even after Facebook claimed to have patched the bug, the script he used earlier was still working fine. This time, he made a video of it and published it on YouTube to show how that one-year-old script is working even after Facebook’s assurance that the bug was fixed. And here is the video.
You can clearly see in the video how Vivek is able to post on behalf of someone on anyone’s timeline. Now, what do you think? Feeling scared? Well, everyone should be afraid of this, as this kind of loose security from Facebook is not expected at all. Many times, Mark Zuckerberg has promised to keep users secure, but it looks like Facebook is now more eager to gain revenue through ads and sponsored posts than concerned about the security of its huge user base.
NOTE: NEITHER THE IGADGETSWORLD TEAM, ITS MEMBERS AND ANYONE ASSOCIATED WITH IT NOR THE PERSON EXPOSING THIS BUG IS RESPONSIBLE FOR ANY KIND OF PHYSICAL HARM/PRIVACY BREACH/FINANCIAL LOSS/ACCIDENTAL DAMAGE DUE TO USAGE OF IT. WE ARE NEITHER IN FAVOR OF VIOLATION OF ANYONE’S ONLINE SECURITY NOR DO WE SUPPORT BLACK-HAT HACKING.