TechCrunch: Facebook bug let websites read ‘likes’ and interests from a user’s profile

TechCrunch: Facebook bug let websites read ‘likes’ and interests from a user’s profile . “Facebook has fixed a bug that let any website pull information from a user’s profile — including their ‘likes’ and interests — without that user’s knowledge. That’s the findings from Ron Masas, a security researcher at Imperva, who found that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks. In other words, a website could quietly siphon off certain bits of data from your logged-in Facebook profile in another tab.”