January 13, 2020

Facebook Bug – A Bad Code Allowed Anyone to View Page Admin

Last week Facebook rushed to patch an error that exposed accounts of people who manage pages after several high-profile pages were exploited by their weakness.

If the owner of a Facebook page edits a message, users may track changes using the’ See Edit History ‘ function. It function would inform the consumer precisely when a post was updated, but the latest error still shows the account (i.e. profile) of the person making the change.

The profiles running Facebook pages are obscured by design and should not show in the Edit History tab. The issue could have serious consequences, especially for page administrators who try to keep their identity secret.

According to Wired, on Thursday evening the vulnerability was introduced, and only until Friday morning. The bug was disclosed on websites like 4chan, but people quickly started abussing it against high-performance pages. Facebook told Wired they learned about the problem from a security researcher, but it isn’t clear who the researcher is. Such threatened accounts featured President Donald Trump, Canadian Premier Justin Trudeau, online street artist Banksy, unidentified hacktivists, and singer Snoop Dogg.

This is not the first time a bug has compromised Facebook accounts managers. About two years ago, a researcher found an e-mail invitation to like a Facebook page containing the name of the page administrator, in the e-mail source code.

“People who run sensitive Pages from their own Facebook should now consider that their identity may be known,” Olejnik says. “While mistakes happen, this one is unexpected.”

Leave a Reply

Your email address will not be published. Required fields are marked *