Facebook closes spamming hole
Facebook has closed a vulnerability that spammers were exploiting at the beginning of the week to send out unsolicited spam emails. All Facebook users had to do was click on a link in a message from another user to automatically send spam messages to all of their friends.
The emails claimed, for instance, to concern a lottery at Walmart and contained a link purporting to be from a Facebook app. CNET says that, when the link was clicked on, spammers used a cross-site request forgery (CSRF) hole in the launched Facebook app in order to send out emails without requiring any further intervention by the user.
See also:
- The Facebook dislike button scam, a report from The H.
- Facebook crawler collects more than 170 million data sets, a report from The H.
- Security-conscious users consider quitting Facebook, a report from The H.
(crve)