Facebook, Other Tech Giants Compromised by Open Source Bug

Though Facebook wasn’t compromised by the Heartbleed bug several weeks ago, another open source bug discovered this week could affect the site. According to CNET, a Ph.D. student in Singapore discovered a hole in the OAuth and OpenID log-in tools that are used by Facebook, Google, LinkedIn and many other large websites.

The security flaw, called “Covert Redirect,” works by faking a log-in popup window for a website and asking users to sign in to authorize use of an app. This bug is hard to detect because it uses the actual domain of the websites instead of a fake one, which is the usual telltale sign of malware. Once users log in, cyber-scammers can steal their login data and redirect them to malicious sites.

The Ph.D. student who discovered the loophole says that he contacted Facebook about the potential problem, but the site responded that the issue was too big to solve “in the short term” because of the number of apps on the site that would have to comply with new rules.
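
Why the real domain makes this hard to spot, as an added example (not from the article or from any of the sites named): a log-in provider that checks only the domain of the return address accepts any page on an app's site, including one that forwards visitors elsewhere, while an exact-match rule does not. The `client_id` and `redirect_uri` parameter names are standard OAuth 2.0; the hosts, the registration table and the function names are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registration table: client_id -> callbacks the app registered.
REGISTERED = {"app123": {"https://app.example/oauth/callback"}}

def domain_only_ok(client_id, redirect_uri):
    """Weak rule: any URL on the registered app's host is accepted."""
    hosts = {urlsplit(u).hostname for u in REGISTERED.get(client_id, ())}
    return urlsplit(redirect_uri).hostname in hosts

def exact_match_ok(client_id, redirect_uri):
    """Strict rule: only a callback registered character for character."""
    return redirect_uri in REGISTERED.get(client_id, ())

def carries_nested_url(redirect_uri):
    """True if a query value of the callback is itself an absolute URL."""
    query = parse_qs(urlsplit(redirect_uri).query)
    return any(urlsplit(v).scheme in ("http", "https") and urlsplit(v).netloc
               for values in query.values() for v in values)

def review(auth_url):
    """Classify one authorization request as a provider would log it."""
    q = parse_qs(urlsplit(auth_url).query)
    cid = q.get("client_id", [""])[0]
    uri = q.get("redirect_uri", [""])[0]
    if exact_match_ok(cid, uri):
        return "ok"
    if domain_only_ok(cid, uri):
        note = ", forwards off-site" if carries_nested_url(uri) else ""
        return "real domain but unregistered page" + note
    return "rejected by both rules"

def sample(redirect_uri):
    """Build a constructed authorization URL for the hypothetical provider."""
    params = urlencode({"client_id": "app123", "redirect_uri": redirect_uri})
    return "https://provider.example/authorize?" + params

# Constructed sample requests, not taken from any real log.
SAMPLES = [
    sample("https://app.example/oauth/callback"),
    sample("https://app.example/go?url=https://other.example/landing"),
    sample("https://other.example/oauth/callback"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(review(s))
```

The second sample is the case that matters: it passes the domain-only rule because the host is the app's own, and only the exact-match rule turns it away.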

However, though bugs like this may be hard to stop, users can easily protect themselves. If you click on a link and are immediately prompted to log in to your Facebook account, close out of the tab immediately. This will prevent any breach of your private info.


