API bug responsible for Zuckerberg page hack
Posted on 27 January 2011.
When at first Facebook didn't issue a statement about what really happened on Mark Zuckerberg's fan page and how someone managed to post a message in his name calling upon the firm to adopt a social cause, many speculated about the hacking method behind the breach.

At the time, Facebook reacted by making the fan page unaccessible and started an investigation that revealed that the post was the result of an API bug that allowed status postings by unauthorized people on various public pages.

A Facebook spokesman says that the bug has been fixed, but he would not name the high-profile accounts affected by the bug and the pages where unauthorized postings turned up. CNet reports that he also would not say whether the bug was taken advantage to post a message on French President Nicolas Sarkozy's Facebook page from his account.

Joe Sullivan, Facebook's chief security officer, claims that the bug allowed the person(s) behind the posts to do only that, and that it didn't give them access to the private data contained in these specific accounts.

It is unknown whether the launch of the new security features Facebook announced yesterday has had - at least in part - anything to do with this incident.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //