Wednesday, April 30, 2025

A Facebook Vulnerability That Reveals the Facebook Page Admin Identity


A new Facebook vulnerability discovered by a security researcher reveals the identity of a Facebook page admin in plain text.

Facebook introduced a new feature for page admins that lets them gain page followers by targeting a specific audience: people who liked a post from the page but not the page itself.

So if you liked a specific post from a page that you are not actually following, the page notifies you by email with a recommendation to like the page concerned.


Security researcher Mohamed received such a notification in his inbox, investigated it, and found this vulnerability.


He said, “One day I liked one of the posts of a specific page, but I didn’t like or follow the page itself. After a few days I got an email notification from Facebook regarding an invitation to like the page that I had already liked one of its posts. I was amazed by the feature, but I realized that this is a feature to target non-fans, and I was wondering what could go wrong since this is a new feature?”

Since there was no possibility of initiating any attack, he investigated the email notification and analyzed the mail headers by viewing the “Original” of the message (available from the little drop-down menu arrow beside the message reply button).

In the end, he found information about the page, the admin of the page, and other related details.

He later reported this bug to the Facebook security team, and Facebook awarded a bug bounty of $2500.
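For teams that send notification email, the same check can run before sending. The sketch below is an added example, not code from the researcher or Facebook: it decodes every header and MIME part of a raw message and reports values that must not reach the recipient. The article does not say which field carried the admin's identity, so the `X-Invite-Sender` header, the `inviter_id` parameter, the sample values and the function names are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample() -> bytes:
    """Constructed notification; every name, id and header here is invented."""
    msg = EmailMessage()
    msg["From"] = "Notifications <notify@example.test>"
    msg["To"] = "reader@example.test"
    msg["Subject"] = "You are invited to like Example Page"
    # Hypothetical custom header; non-ASCII is RFC 2047 encoded on the wire,
    # so a plain search of the raw bytes would not find the name.
    msg["X-Invite-Sender"] = "Zoë Admin"
    msg.set_content("You are invited to like Example Page.")
    msg.add_alternative(
        "<p>You are invited to like Example Page.</p>"
        '<img src="https://example.test/t.gif?inviter_id=1000123" width="1">',
        subtype="html", cte="base64")  # base64 also hides the id from raw search
    return msg.as_bytes()


def find_leaks(raw: bytes, sensitive: list[str]) -> list[tuple[str, str]]:
    """Return (location, value) for each sensitive value found after decoding."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Headers: policy.default decodes RFC 2047 encoded words on access.
    for name, value in msg.items():
        for s in sensitive:
            if s.lower() in str(value).lower():
                hits.append((f"header:{name}", s))
    # Bodies: get_content() undoes base64 / quoted-printable and the charset.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content().lower()
        for s in sensitive:
            if s.lower() in text:
                hits.append((f"body:{part.get_content_type()}", s))
    return hits


if __name__ == "__main__":
    for where, value in find_leaks(build_sample(), ["Zoë Admin", "1000123"]):
        print(f"LEAK {value!r} in {where}")
```

Run against a rendered test message for each notification template, with the list of values (sender name, internal account id) that the template is not supposed to disclose.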

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
