Facebook: Information Governance?

July 9, 2018

Anyone else annoyed by the large amount of privacy disclosures filling your index and slowing down your favorite Web site? User data privacy and how companies are collecting and/or selling that information is a big issue.

Facebook is one of the more notorious data management case studies. Despite the hand waving, it may be easy for Facebook data to be appropriated.

Josip Franjkovi? writes how user data can be stolen in the post, “Getting Any Facebook User’s Friend List And Partial Payment Card Details.”

There are black hat and white hat hackers, the latter being the “good guys.” It is important for social media Web sites to hack themselves, so they can discover any weaknesses in their structures. Franjkovi? points out that Facebook uses a GraphQL endpoint that is only accessible their first part applications. He kept trying to break into the endpoint, even sending persisted queries on a loop. The same error message kept returning, but it did return information already available to the public and the privately held friends list.

The scarier hack was about credit card information:

“A bug existed in Facebook’s Graph API that allowed querying for any user’s payment cards details using a field named payment_modules_options. I found out about this field by intercepting all the requests made by Facebook’s Android application during registration and login flow.”

Thankfully Franjkovi? discovered this error and within four hours and thirteen minutes the issue was resolved. Credit card information was stolen this time around, but how much longer until it is again? We await Franjkovi?’s analysis of Google email being available to certain third parties.

Whitney Grace, July 9, 2018

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta