Skip to main content

A Simple Bug Revealed Admins of Facebook Pages — Find Out How


Facebook Page admins are publicly displayed only if admins have chosen to feature their profiles.

However, there are some situations where you might want to contact a Facebook page admin or want to find out who is the owner of a Facebook page.

Egyptian security researcher Mohamed A. Baset has discovered a severe information disclosure vulnerability in Facebook that could have allowed anyone to expose Facebook page administrator profiles, which is otherwise not supposed to be public information.

Baset claimed to have discovered the vulnerability in less than 3 minutes without any kind of testing or proof of concepts, or any other type of time-consuming processes.
find-facebook-page-admin

In a blog post, Baset said he found the vulnerability, which he described as a "logical error," after receiving an invitation to like a particular Facebook page on which he had previously liked a post.

Facebook has introduced a feature for page admins wherein they can send Facebook invitations to users asking them if they wished to like their page after liking a post, and a few days later, these interacted users may receive an email reminding them of the invitation.

After Baset received one such email invite, he simply opened "show original" drop-down menu option in email. Looking at the email's source code, he noticed that it included the page administrator's name, admin ID and other details.

The researcher then immediately reported the issue to the Facebook Security Team through its Bugcrowd bug bounty program. The company acknowledged the bug and awarded Baset $2,500 for his findings.

Though Facebook has now patched this information disclosure issue, people who have already received one such page invitation can still find out admin details from the invitation emails.
"We were able to verify that under some circumstances page invitations sent to non-friends would inadvertently reveal the name of the page admin which sent them," Facebook said. "We've address the root cause here, and future emails will not contain that information."
 YOU MAY ALSO LIKE:

Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

Microsoft To Update Windows ‘Notepad App’ After Years, Teases New Features

E very week or the other, Microsoft releases a new build for the fast ring insiders. The latest Windows 10 Insider Preview Build 17713 bring a pack of surprises for Windows users. Redmond always listens to users, and this time, they have heard to Notepad users who were fed up with the uninteresting interface. Microsoft is giving its text editor Notepad new features after a very long time. Yes, the very same app that people use to write random text, create batch files and HTML pages, etc. Among the new Notepad features being added to Windows, you would be able to zoom into text by using the mouse wheel while holding down the Ctrl key. A long requested feature is coming for users; Microsoft is adding ctrl+backspace support to delete a previous word. Other than these, you will now have the ability to wrap around find and replace. Also, the status bar is now enabled by default in Notepad. There are few performance improvements for large...
Post a Comment
Read more

Google starts rolling out ‘Call Screen’ feature for Pixel smartphones

San Francisco, Dec 2 (IANS) Google has started rolling out a feature for its Pixel smartphones that lets users make use of the Google Assistant to see who is calling and why before they answer a call. The feature allows users to see a real-time transcript of how the caller responds so that they can then decide whether to pick up, respond by tapping a quick reply (for example, “I’ll call you back later”), or mark the call as spam and dismiss. “Call Screen is only available to English speakers in the United States who have Pixel 2, 2 XL, 3, or 3XL devices. If you don’t see Call Screen in the Phone app’s settings, it’s not available yet,” Google said. Call Screen, which can help users save the time spent on picking up unimportant calls from unknown numbers, does not use Wi-Fi or mobile data of the user. This feature does not work with third-party call recording and screen recording apps as these apps may interfere with how the feature works. It is better to turn off these app...
Post a Comment
Read more

Facebook Fined £500,000 for Cambridge Analytica Data Scandal

Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users. The fine has been imposed by the UK's Information Commissioner's Office ( ICO ) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 — ironically that’s equals to the amount Facebook earns every 18 minutes. The news does not come as a surprise as the U.K.'s data privacy watchdog already notified the social network giant in July this year that the commission was intended to issue the maximum fine. For those unaware, Facebook has been under scrutiny since earlier this year when it was revealed that the personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica, who reportedly helped Donald Trump win the US presidency in 2016. The ICO, who launched an investigatio...
Post a Comment
Read more