Israeli security researcher Nir Goldshlager has found a way to abuse Facebook's OAuth mechanism, allowing for complete account takeover. From his blog:
Apple Inc computers were attacked by the same hackers who targeted Facebook Inc, but no data appeared to have been stolen, the company said on Tuesday in an unprecedented admission of a widespread cyber-security breach.
Facebook revealed on Friday that unidentified hackers traced to China had staged a sophisticated attack by infiltrating its employees' laptops, but no user information was compromised.
Facebook revealed on Saturday that its internal network was hacked last month.
The attackers were able to access the tech giant's computer network after employees visited a mobile developer's website which downloaded malware - software often used to steal information - onto employees' laptops.
Facebook helped the FBI take down an international crime ring that used a botnet to infect 11 million computers and steal more than $850 million, one of the largest cybercrime hauls in history.
The FBI announced today that with the social-networking giant's assistance, it had arrested 10 people from countries around the world who it said used the Yahos malware and Butterfly botnet to steal victims' credit card, bank account, and personal information.
Last week Facebook suffered an "error" that had an astounding ripple effect, as users of thousands of popular websites were inadvertently redirected to a Facebook error page. It was shocking to learn that Facebook Connect could disrupt every site it linked to -- but even more troubling was the glimpse it gave us of future hacker attacks.