Facebook Inc. (FB) Fixes Major Account Hijack Vulnerability

Facebook Inc. (NASDAQ:FB) has been constantly working on privacy and security issues involving its large database of users and user information. The company has had several run-ins with various regulators regarding privacy of users who visit the site, and they are confronted with security threats, especially in the wake of several cyberattacks recently that seem to have targeted Facebook, Apple devices and other entities. Recently, a security engineer found a major vulnerability in Facebook that, if exploited, would allow hackers easy opportunities to hijack legitimate accounts and take control of them.

Facebook Inc. (NASDAQ:FB) has reportedly fixed the vulnerability, which was found by Web security engineer Nir Goldshlager. The opening supposedly could have allowed hackers to gain access to user account information by getting users to open specially created URLs. The vulnerability applied to mobile and touchscreen devices and allowed hackers to gain access to certain personal pieces of information contained in certain authorization tokens that were placed with third-party applications that Facebook users approved. Apparently the URL paths on these devices weren’t cleaned, so a hacker could create URLs that could steal these authorization tokens.

Goldshlager noted that this vulnerability was prevalent on Facebook Messenger when accessed through the mobile or touch Facebook Inc. (NASDAQ:FB) platforms, and getting into Messenger means a hacker can not only access a user account but can also take complete control of the account.

Facebook Inc. (NASDAQ:FB), like many other tech companies such as Google Inc. (NASDAQ:GOOG) and Microsoft Corporation (NASDAQ:MSFT), provides a “bug bounty” program, which pays security engineers who find vulnerabilities and bring them to the attention of Facebook’s security team. Once the bug is fixed, the company may pay on a scale according to the significance of the vulnerability. When asked about the Facebook program, Goldshlager wrote by e-mail, “I can’t say how much, but they pay more than any other bug bounty program that I know.”

What do you think? Let us know your thoughts about Facebook Inc. (NASDAQ:FB) security and privacy work and your thoughts about this specific vulnerability in the comments section below.

DISCLOSURE: I own no positions in any stock mentioned.
