OAuth Facebook Privacy Flaw Gave a Hacker Full Access To Anyone's Account (Video)
Nir Goldshlager discovered a major privacy flaw in Facebook's OAuth - where system developers use to access information everytime you hit the "allow" button. Nir gained access to virtually anyone's entire Facebook account. He explained:
I found a way in to get full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos, etc.) over the victim account even without any installed apps on the victim account...
Just to clarify there is no need for any installed apps on the victim's account, Even if the victim never allowed any application in his Facebook account, I could still be getting full permissions This bug works on any browser.
Facebook has fixed the problem already. It seems we're discovering new security holes all the time! Check out the video below: [Nir Goldshlager via Daily Dot]