They leak data to their serversThe Chrome Web Store has extensions for interacting with Facebook that are popular with users. But, as it turned out, such plugins can be a potential tool for mass leakage of user accounts from Facebook. Discuss alt=”Facebook extensions have become one of the top profile and identity thefts” Facebook extensions have become one of the top profile and identity thefts/>
Brave, the developer of the Chromium-based browser of the same name, has blocked one of these extensions – LOC It is designed to automate a number of functions when interacting with the social network. But when activated, this extension uses an access token, which can be obtained by calling Creator Studio, a Facebook web application, which gives them in response to a special GET request that allows unauthorized access to account data.
LOC downloaded over 700 thousand times. When reviewed by Brave specialists, abuses with user data were not found, but the developers were given mandatory recommendations for correcting the work of the extension. , when Facebook found itself at the center of scandals for leaking user data through such extensions. Because such plugins send profile data to their server without the user's consent or knowledge, and in violation of Meta policies.
Source: Anti-Malware