discovered a bug back in May that would have allowed potential hackers to access private information on Facebook users and their friends.
Ron Masas from Imperva figured out that each of Facebook’s online search results contained an iframe element in its HTML, which apparently allowed the researcher to see whether a query was answered with yes or no. Asking the right questions allowed him to access all kinds of user information.
The queries themselves asked questions that return yes or no answers, something like “does the user like the [insert random page name] page”. According to Masas, the vulnerability exposed the interests of the user and their friends, no matter what the privacy settings were.
Take a look at the video in order to see how the vulnerability is exploited:
Some other interesting examples of data which Masas was able to extract are:
Imperva and Facebook started to fix the issue immediately after its disclosure, so there is no need for you to worry.