Dear Valued Visitor,

We have noticed that you are using an ad blocker software.

Although advertisements on the web pages may degrade your experience, our business certainly depends on them and we can only keep providing you high-quality research based articles as long as we can display ads on our pages.

To view this article, you can disable your ad blocker and refresh this page or simply login.

We only allow registered users to use ad blockers. You can sign up for free by clicking here or you can login if you are already a member.

Facebook Inc. (FB) Fixes Major Account Hijack Vulnerability

Facebook Inc. (NASDAQ:FB) has been constantly working on privacy and security issues involving its large database of users and user information. The company has had several run-ins with various regulators regarding privacy of users who visit the site, and they are confronted with security threats, especially in the wake of several cyberattacks recently that seem to have targeted Facebook, Apple devices and other entities. Recently, a security engineer found a major vulnerability in Facebook that, if exploited, would allow hackers easy opportunities to hijack legitimate accounts and take control of them.

Facebook Inc. (NASDAQ:FB) has reported fixed the vulnerability, which was found by was presented with a major vulnerability by Web security engineer Nir Goldshlager, an opening that supposedly could have allowed hackers to gain access to user account information by getting users to open specially created URLs. The vulnerability applied to mobile and touchscreen devices and allowed hackers to gain access to certain personal pieces of information contained in certain authorization tokens that were placed with third-party applications that Facebook users approved. Apparently the URL paths on these devices weren’t cleaned, so a hacker could create URLs that could steal these authorization tokens.

Facebook Inc. (FB)Goldshlager noted that this vulnerability was prevalent on Facebook Messenger when accessed through the mobile or touch Facebook Inc. (NASDAQ:FB) platforms, and getting into Messenger means a hacker can not only access a user account, but it can ake complete control of the account.

Facebook Inc. (NASDAQ:FB), like many other tech companies like Google Inc. (NASDAQ:GOOG) and Microsoft Corporation (NASDAQ:MSFT), provides a “bug bounty” program, which pays monetarily to security engineers who find vulnerabilities and bring them to the attention of Facebook’s security team. Once the bug is fixed, the company may pay on a scale according to the significance of the vulnerability. When asked about the Facebook program, Goldshlager wrote by e-mail, “I can’t say how much, but they pay more then any other bug bounty program that I know.”

What do you think? Let us know your thoughts about Facebook Inc. (NASDAQ:FB) security and privacy work and your thoughts about this specific vulnerability in the comments section below.

DISCLOSURE: I own no positions in any stock mentioned.

Please see these related FB articles:

Should You Jump on the Social Bandwagon?

Facebook’s Multiples Valuation

Facebook and Google Discuss Glass