A Facebook vulnerability was discovered that allows a malicious actor to delete any photo a user saved to the social network. A security researcher found the flaw in Facebook’s new poll feature, which lets a user create two-question polls that friends and followers can vote on. The social network’s security team was alerted and provided an initial fix within 12 hours and a full fix two days later.
Iran-based security researcher and web developer Pouya Darabi was checking Facebook's new feature when he noticed the flaw. Darabi discovered he could attach an image to a poll by changing the image ID numbers. This allowed him to preview pictures uploaded by Facebook users and add them to a poll. When he deleted that poll, the attached images were also permanently deleted from the social network.
The vulnerability is not easy to exploit because the ID numbers are not entirely sequential for the uploaded pictures. Malicious actors would have to measure their steps to hit a valid image. Hence, targeting specific photos would be difficult.
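The behavior described above matches a missing ownership check on a client-supplied object ID, combined with a delete that cascades to the attached objects. The following is an added example, not Facebook's code: the `PhotoStore` class, its method names and the sample data are hypothetical, and it models only that pattern next to a corrected version.

```python
# Constructed in-memory model; names and data are hypothetical, not Facebook's.
class Forbidden(Exception):
    pass

class PhotoStore:
    def __init__(self):
        self.photos = {}   # photo_id -> owner
        self.polls = {}    # poll_id -> (owner, [photo_ids])

    def create_poll_vulnerable(self, poll_id, user, photo_ids):
        # Flaw: trusts client-supplied IDs, only checks that the photos exist.
        if any(pid not in self.photos for pid in photo_ids):
            raise KeyError("unknown photo")
        self.polls[poll_id] = (user, list(photo_ids))

    def delete_poll_vulnerable(self, poll_id, user):
        owner, photo_ids = self.polls[poll_id]
        if owner != user:
            raise Forbidden("not your poll")
        for pid in photo_ids:          # cascade removes photos owned by others
            self.photos.pop(pid, None)
        del self.polls[poll_id]

    def create_poll_fixed(self, poll_id, user, photo_ids):
        # Fix 1: authorize every referenced object against the caller.
        for pid in photo_ids:
            if self.photos.get(pid) != user:
                # Same error for "missing" and "not yours": no ID oracle.
                raise Forbidden("photo not available")
        self.polls[poll_id] = (user, list(photo_ids))

    def delete_poll_fixed(self, poll_id, user):
        owner, photo_ids = self.polls[poll_id]
        if owner != user:
            raise Forbidden("not your poll")
        for pid in photo_ids:
            # Fix 2 (defence in depth): re-check ownership at delete time.
            if self.photos.get(pid) == owner:
                del self.photos[pid]
        del self.polls[poll_id]

def demo():
    store = PhotoStore()
    store.photos = {101: "alice", 202: "bob"}   # constructed sample data
    store.create_poll_vulnerable("p1", "bob", [101, 202])
    store.delete_poll_vulnerable("p1", "bob")
    lost = 101 not in store.photos              # alice's photo is gone
    store.photos = {101: "alice", 202: "bob"}
    try:
        store.create_poll_fixed("p2", "bob", [101, 202])
        blocked = False
    except Forbidden:
        blocked = True
    return lost, blocked, 101 in store.photos
```

Checking ownership both when the reference is created and when the cascade runs means a reference that slipped in before the fix still cannot delete another user's photo.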
Darabi was awarded US$10,000 for discovering and reporting the security bug. This was not the first time the security researcher earned a bounty from Facebook. In 2015, he was awarded $15,000 for bypassing its cross-site request forgery (CSRF) protection systems. The following year, he received another $7,500 for a similar flaw.
The discovery of the flaw is a reminder that social networks and their users are equally vulnerable to threats. Users should be careful when navigating their social media accounts because, if not for the quick fix Facebook rolled out upon the security researcher’s notification, there’s nothing they could have done to combat this vulnerability. The fix prevented exposing users' digital assets, but they should always be on the lookout for future exploits that cybercriminals may develop.
Secure Your Social Media Account
A recent study found that the average person spends approximately 116 minutes on social networks every day. Given their ubiquity and the fact that social media accounts are now being linked to an increasing number of applications and accounts, social media platforms are naturally desirable targets for malicious actors.
Here are some tips for keeping your accounts secure:
For enterprises, here are some tips to keep corporate social media accounts secure.
You can also secure your social media accounts with comprehensive and multilayered protection. Effective and comprehensive security solutions can help you enjoy your digital life safely. Trend Micro™ Maximum Security secures multiple devices, helps manage passwords, and guards against the most prevalent online threats.