nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Facebook 'login hole'

By Team Register, 27 Apr 2016

Infosec biz Bitdefender says Facebook has patched a bug it found that potentially allowed miscreants to log into websites as other people.

A hacker could create a Facebook account using an email address belonging to a victim, then at the right moment change the address to one controlled by the hacker to verify the contact details are correct. This new Facebook account is still associated with the victim's email address, and can be used to sign into a website as the victim if they have an account on the site associated with that email address.

In a word: weird. The flaw was, we're told, discovered and reported by Bitdefender's Ionut Cernica, and fixed by Facebook. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing