Massive Security Breach Found on Facebook and MySpace

CYBERSPACE — A developer has discovered a massive flaw in the security of both Facebook and MySpace that leaves users on both social networking sites vulnerable to massive identity theft and fraud.

The developer, Yvo Schaap, discovered the vulnerability, which works by taking advantage of how the two sites remember users' login information and use that information to activate certain Flash apps. Specifically, if a user checks the "remember me" box in the login modules of either site, and then use a Flash app that makes use of their login information, those actions would make their login information vulnerable to a hacker.

That basic problem could give hackers the power to build malicious Flash apps that could harvest users' other personal information, account numbers, photos, messages and everything else posted on either of the two sites.

Schaap emailed administrators at both sites. MySpace resolved the problem first, while Facebook followed close behind. That's the good news.

The bad news is that this vulnerability has been around for months, which means that any number of users may have had their information harvested.

Facebook has launched an investigation into the origin of the bug.

"The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it," a representative for Facebook said. "We have not received any reports that it was ever exploited."

Tech analyst Jason Kincaid of TechCrunch.com criticized both sites for their lax security standards, but he saved his harshest words for Facebook

"Facebook is no longer just a platform for learning about your college buddies — it’s a serious business, used for photos and messages that can be very sensitive," he said. "I’ve heard of journalists who regularly use Facebook to reach out to potential sources, when secrecy is of the utmost importance. Apparently that’s not a good idea."

Tech-savvy developers may want to read Schaap's full description of the vulnerability, which apparently takes advantage of an imperfection in the programming of a file called "crossdomain.xml."

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Supreme Court Rules Against Adult Industry in Pivotal Texas AV Case

The U.S. Supreme Court on Friday issued its decision in Free Speech Coalition v. Paxton, striking a blow against the online adult industry by ruling in support of Texas’ controversial age verification law, HB 1181.

North Carolina Passes Extreme Bill Targeting Adult Sites

The North Carolina state legislature this week ratified a bill that would impose new regulations that industry observers have warned could push adult websites and platforms to ban most adult creators and content.

Supreme Court Ruling Due Friday in FSC v. Paxton AV Case

The U.S. Supreme Court will rule on Friday in Free Speech Coalition v. Paxton, the adult industry trade association's challenge to Texas’ controversial age verification law, HB 1181.

Ofcom: More Porn Providers Commit to Age Assurance Measures

A number of adult content providers operating in the U.K. have confirmed that they plan to introduce age checks in compliance with the Online Safety Act by the July 25 deadline, according to U.K. media regulator Ofcom.

Aylo Says It Will Comply With UK Age Assurance Requirements

Tech and media company Aylo, which owns various adult properties including Pornhub, YouPorn and Redtube, plans to introduce age assurance methods in the United Kingdom that satisfy government rules under the Online Safety Act, the company has announced.

Kyrgyzstan Parliament Approves Measure Outlawing Internet Porn

The Supreme Council of Kyrgyzstan on Wednesday passed legislation outlawing online adult content in the country.

Trial Set for Lawsuit by U Wisconsin Professor Fired Over Adult Content

A trial date of June 22, 2026, has been set for the civil lawsuit filed by veteran communications professor Joe Gow against the University of Wisconsin board of regents, which fired him for creating and appearing in adult content.

New UK Task Force Meets to Target Adult Content

The architect of an influential report that recommended banning adult content deemed “degrading, violent and misogynistic” has convened an “Independent Pornography Review task force” aimed at translating that report’s findings into action in the U.K.

11:11 Creations Launches Affiliate Program

11:11 Creations principal Alicia Silver has launched 11:11 Cash for creators and affiliates.

Pineapple Support, Pornhub to Host 'Self Love' Support Group

Pineapple Support and Pornhub are hosting a free online support group for performers to develop self-love.

Show More