U.S. Markets closed

Facebook bug let websites read 'likes' and interests from a user's profile

Zack Whittaker
Facebook bug let websites read 'likes' and interests from a user's profile

Facebook has fixed a bug that let any website pull information from a user's profile — including their "likes" and interests — without that user's knowledge. "This allowed information to cross over domains — essentially meaning that if a user visits a particular website, an attacker can open Facebook and can collect information about the user and their friends," said Masas. The malicious website could open several Facebook search queries in a new tab, and run queries that could return "yes" or "no" responses — such as if a Facebook user likes a page, for example.