Facebook recently patched two bugs in its systems that let a non-member check if you’re a part of a certain group and draw up a list of members from the same city. Usually, if you’re part of a group, you can check out fellow members’ profiles. But it’s not possible when you’re not part of it – especially when the group is private. Security researcher Mohamed Shariff found a pair of bugs that allowed non-members to check group members using queries in graphql, a query language developed by Facebook. The first vulnerability was that attackers can see members of a group with the same city…
This story continues at The Next Web
Or just read more coverage about: Facebook