We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Facebook fixes bug that allowed friend deletion

Bug was a variation of an earlier vulnerability

Facebook has fixed a flaw that let hackers delete Facebook friends without permission.

The flaw was reported last week by Steven Abbagnaro, a student at Marist College in Poughkeepsie, New York. It was patched on Friday  after the IDG News Service notified Facebook of the issue.

The bug was a variation of an earlier vulnerability that Facebook learned about earlier this month, which affected a range of features on the website. Hackers could have leveraged Abbagnaro's bug to delete all of a victim's contacts, one by one, but it does not appear that anyone ever exploited it in a malicious way.

For Abbagnaro's attack to work, however, a user would have to have been tricked into clicking on a malicious web link while still logged into Facebook.

Facebook has struggled to fix these bugs, which are called cross-site request forgery flaws. They exist because of relatively simple web programming mistakes in the website's code, and security researchers have criticised Facebook for not fixing them more quickly.

"We're in the process of doing a full audit and are building additional protections for this type of potential attack across the code base," said Simon Axten, a Facebook spokesman, on Friday. "We began working on this one as soon as we learned about it and pushed a fix early this afternoon."

See also:

PC security advice


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made