{"id":12461,"date":"2022-02-12T01:42:36","date_gmt":"2022-02-12T01:42:36","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/"},"modified":"2022-02-12T01:42:36","modified_gmt":"2022-02-12T01:42:36","slug":"facebook-exposes-god-mode-token-miscreants-could-use-the-register","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/","title":{"rendered":"Facebook exposes &#8216;god mode&#8217; token miscreants could use \u2022 The Register"},"content":{"rendered":"<p> <a href=\"https:\/\/go.fiverr.com\/visit\/?bta=1052423&nci=17043\" Target=\"_Top\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/fiverr.ck-cdn.com\/tn\/serve\/?cid=40081059\"  width=\"601\" height=\"201\"><\/a>\n<\/p>\n<div id=\"body\">\n<p>Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users&#8217; Facebook data to potential theft.<\/p>\n<p>&#8220;If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user&#8217;s Facebook data,&#8221; explained Francois Marier, a security engineer at Brave, in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/brave\/extension-whitelist\/issues\/48\">a GitHub Issues post<\/a>. &#8220;The API used by the extension does not cause Facebook to show a permission prompt to the user before the application&#8217;s access token is issued.&#8221;<\/p>\n<p>However, the developer of the extension, Loc Mai, told <em>The Register<\/em> that his extension is not harvesting information \u2013 as the extension&#8217;s privacy policy states. The extension currently has around 700,000 users.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n        <noscript><br \/>\n            <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt=\"\"\/><\/a><br \/>\n        <\/noscript>\n    <\/div>\n<p>&#8220;The extension does not collect the user&#8217;s data unless the user becomes a Premium user, and the only thing it collects is UID \u2013 which is unique to each person,&#8221; explained Mai.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/a><br \/>\n            <\/noscript>\n        <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\">\n                <noscript><br \/>\n                    <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                        <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/a><br \/>\n                <\/noscript>\n            <\/div>\n<\/p><\/div>\n<p>Mai said the extension stores the token locally, under <code>localStorage.touch<\/code>. That presents <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/dev.to\/rdegges\/please-stop-using-local-storage-1i04\">a security risk<\/a> but isn&#8217;t indicative of wrongdoing. L.O.C. continues to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/chrome.google.com\/webstore\/detail\/loc\/eojdckfcadamkapabechhbnkleligand\">be available<\/a> through the Chrome Web Store.<\/p>\n<p>However, a malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thezedwards\">Zach Edwards<\/a> describes as &#8220;god mode.&#8221;<\/p>\n<h3 class=\"crosshead\">\n  <span>God mode<\/span><br \/>\n<\/h3>\n<p>In an email to <em>The Register<\/em>, Mai explained that Facebook&#8217;s Graph API requires a user&#8217;s access token to function. To obtain that token \u2013 so users of the extension can automate the processing of their own Facebook data, like downloading their messages \u2013 the extension sends a GET request to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/business.facebook.com\/creatorstudio\/home\">Creator Studio for Facebook<\/a>. The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.<\/p>\n<p>Mai elaborated on this in response to Brave&#8217;s GitHub post. &#8220;The access token is within the HTML of that page. Any Facebook user can really just go to <code>view-source:https:\/\/business.facebook.com\/creatorstudio\/home<\/code> and view the access token in there.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>Edwards told <em>The Register<\/em>, &#8220;Facebook faced nearly an identical scandal in 2018 when 50 million Facebook accounts were scraped due to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nytimes.com\/2018\/09\/28\/technology\/facebook-hack-data-breach.html\">a token exposure<\/a>.&#8221; And yet Facebook appears to consider this data dispensing token to be a feature, not a bug.<\/p>\n<p>Mai provided <em>The Register<\/em> with a copy of the April 9, 2019 email he used to report a token disclosure issue at <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/m.facebook.com\/composer\/ocelot\/async_loader\/?publisher=feed\">a different endpoint<\/a> that enabled the same sort of data access. The response from Facebook security was, &#8220;In this case, the issue you&#8217;ve described is actually just intended functionality and therefore doesn&#8217;t qualify for a bounty.&#8221;<\/p>\n<p>&#8220;Facebook seems to have not learned their lesson from 2018 and is still exposing a plain text god mode token for every user, on a niche page that specific developers know about,&#8221; said Edwards. &#8220;Facebook calls this a feature, but when the first extension developer scrapes and steals data from countless pages and users, will that be when Facebook finally admits it&#8217;s a bug just like the 2018 problems?&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcQjBvHpKT5IKN3K8GloAAAABg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p><em>The Register<\/em> asked Facebook about the situation and about whether, as Edwards suggests, the company intends to revoke all the tokens obtained from its Creator Studio endpoint. We&#8217;ve not heard back.<\/p>\n<p>Mai said he made the extension to help friends who were thinking of quitting Facebook. The L.O.C. extension, which has more than 700,000 users, lets people download their Facebook conversations, change their post privacy settings, find and remove friends, and other functions.<\/p>\n<p>Mai said he has been banned from Facebook and added the company has contacted him to accuse him of transferring or sharing user data without consent \u2013 &#8220;I have never done this&#8221; \u2013 and of buying, selling, or exchanging site privileges such as likes, shares, and other aspects of engagement tracked by Facebook and Instagram \u2013 which he also denied.<\/p>\n<p>However, he said, he&#8217;d consider removing his extension &#8220;if Facebook was more reasonable with my Facebook account and Instagram account and if they provided me with better reasons why my extension is harmful for others.&#8221;<\/p>\n<p><em>The Register<\/em> asked Brave whether it intends to reconsider its ban of L.O.C. based on Mai&#8217;s explanation of what&#8217;s going on. A Brave spokesperson said, \u201cWe\u2019re working with the extension author on some changes to the extension so that it can be unblocked in Brave.\u201d.<\/p>\n<h3 class=\"crosshead\">\n  <span>Improper extensions still an issue<\/span><br \/>\n<\/h3>\n<p>Edwards said Facebook&#8217;s Terms of Service falls short here because while the company insists people use <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/developers.facebook.com\/docs\/development\/create-an-app\/\">its app platform<\/a>, it doesn&#8217;t prevent people from using browser extensions.<\/p>\n<p>And this gap that exposes user data is compounded by the way Chrome extensions currently work. As Edwards describes it, Chrome extensions can request permissions on one domain you control and on another you don&#8217;t, and then open a browser tab upon installation that creates an opportunity to scrape API tokens and session IDs for various different types of apps.<\/p>\n<p>&#8220;Facebook just happens to have a legacy web permission hardcoded into a page on their &#8216;creator studio&#8217; they built, which makes it possible for someone who controls one of these extensions to scrape hundreds of thousands of Facebook tokens, without ever signing up for the Facebook developer program and using the correct\/native Facebook app\/dev sharing features,&#8221; explained Edwards.<\/p>\n<p>&#8220;Basically, Facebook can&#8217;t &#8216;ban&#8217; an extension, even if Facebook knows the extension should not be allowed to request permissions on facebook.com and their own team thinks it&#8217;s malicious,&#8221; he added.<\/p>\n<p>&#8220;And currently, Google doesn&#8217;t want to acknowledge that the [Chrome App Store] is overrun with developers requesting permissions on two domains, one they control and one they don&#8217;t. This is the practice that just needs to stop as fast as possible or be acknowledged publicly by Google so they can explain any future fixes to prevent these problems.&#8221;<\/p>\n<p>Edwards said between the broad scope of Chrome extension permissions and the bewildering decision by Facebook to keep this &#8220;god mode&#8221; token embedded on a page for years after being altered to the problem, it&#8217;s a perfect storm for data theft. \u00ae<\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><iframe data-lazy=\"true\" data-src=\"https:\/\/www.fiverr.com\/gig_widgets?id=U2FsdGVkX18x7XQvttUTrv1oEqmGNGTgvvCUiUoJ\/AP4z\/UyMz8lXGOLpu15jIMxBbTR0gmD5uBoFvhC4KWeALQRp3h\/X\/AwcVD0K8Wj9H\/ZzYKzcCNHosB9oS4SCJJFWiN85P9ICAc4OgCoE\/wHKIY7CDkf2\/DQ1vqGvk4smVe5cRDEmrLPCWi4FC8p40VUhSmWQ5udCm0zoJtorgWv3vbDQw0kKYkwn39ozAnQXDe+YvWMxkLFWA+O3TFwkJvdkIK+\/AUSnRssPKt5WHY0FhNOxnSPcLslEL4G4\/RfP95ve99U+kRnDy3X+KtzdQLY+u935ghON\/o3UE4IMv9oN6JX9RnxzL\/LRcOgnHigxStSGPKsZYtnz8RWNVT\/rOLAibqiWJadC5MYHRbekF3eg6FOGrQGkXYbsn0+a5aovnlLCbLwIqY9fcS17UX8J235iQ6cdmHNbrPeS84CMm34RA==&affiliate_id=1052423&strip_google_tagmanager=true\" loading=\"lazy\" data-with-title=\"true\" class=\"fiverr_nga_frame\" frameborder=\"0\" height=\"350\" width=\"100%\" referrerpolicy=\"no-referrer-when-downgrade\" data-mode=\"random_gigs\" onload=\" var frame = this; var script = document.createElement('script'); script.addEventListener('load', function() { window.FW_SDK.register(frame); }); script.setAttribute('src', 'https:\/\/www.fiverr.com\/gig_widgets\/sdk'); document.body.appendChild(script); \" ><\/iframe>\n<br \/><a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/02\/12\/facebook_god_mode\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users&#8217; Facebook data to potential theft&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":9508,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-12461","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-universe"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Facebook exposes &#039;god mode&#039; token miscreants could use \u2022 The Register - mailinvest.blog<\/title>\n<meta name=\"description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Facebook exposes &#039;god mode&#039; token miscreants could use \u2022 The Register - mailinvest.blog\" \/>\n<meta property=\"og:description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/\" \/>\n<meta property=\"og:site_name\" content=\"mailinvest.blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/freelanceracademic\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-12T01:42:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/02\/Facebook.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"810\" \/>\n\t<meta property=\"og:image:height\" content=\"498\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin@mailinvest.blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin@mailinvest.blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/\"},\"author\":{\"name\":\"admin@mailinvest.blog\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\"},\"headline\":\"Facebook exposes &#8216;god mode&#8217; token miscreants could use \u2022 The Register\",\"datePublished\":\"2022-02-12T01:42:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/\"},\"wordCount\":1018,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/Facebook.jpg\",\"articleSection\":[\"Tech Universe\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/\",\"name\":\"Facebook exposes 'god mode' token miscreants could use \u2022 The Register - mailinvest.blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/Facebook.jpg\",\"datePublished\":\"2022-02-12T01:42:36+00:00\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/Facebook.jpg\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/Facebook.jpg\",\"width\":810,\"height\":498},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/02\\\/12\\\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mailinvest.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Facebook exposes &#8216;god mode&#8217; token miscreants could use \u2022 The Register\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"name\":\"mailinvest.blog\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mailinvest.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\",\"name\":\"mailinvest\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"width\":1000,\"height\":1000,\"caption\":\"mailinvest\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/freelanceracademic\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\",\"name\":\"admin@mailinvest.blog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"caption\":\"admin@mailinvest.blog\"},\"sameAs\":[\"https:\\\/\\\/mailinvest.blog\",\"admin@mailinvest.blog\"],\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/author\\\/adminmailinvest-blog\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Facebook exposes 'god mode' token miscreants could use \u2022 The Register - mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/","og_locale":"en_US","og_type":"article","og_title":"Facebook exposes 'god mode' token miscreants could use \u2022 The Register - mailinvest.blog","og_description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","og_url":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/","og_site_name":"mailinvest.blog","article_publisher":"https:\/\/www.facebook.com\/freelanceracademic\/","article_published_time":"2022-02-12T01:42:36+00:00","og_image":[{"width":810,"height":498,"url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/02\/Facebook.jpg","type":"image\/jpeg"}],"author":"admin@mailinvest.blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin@mailinvest.blog","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#article","isPartOf":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/"},"author":{"name":"admin@mailinvest.blog","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4"},"headline":"Facebook exposes &#8216;god mode&#8217; token miscreants could use \u2022 The Register","datePublished":"2022-02-12T01:42:36+00:00","mainEntityOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/"},"wordCount":1018,"commentCount":0,"publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/02\/Facebook.jpg","articleSection":["Tech Universe"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/","url":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/","name":"Facebook exposes 'god mode' token miscreants could use \u2022 The Register - mailinvest.blog","isPartOf":{"@id":"https:\/\/mailinvest.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#primaryimage"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/02\/Facebook.jpg","datePublished":"2022-02-12T01:42:36+00:00","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","breadcrumb":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#primaryimage","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/02\/Facebook.jpg","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/02\/Facebook.jpg","width":810,"height":498},{"@type":"BreadcrumbList","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/02\/12\/facebook-exposes-god-mode-token-miscreants-could-use-the-register\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mailinvest.blog\/"},{"@type":"ListItem","position":2,"name":"Facebook exposes &#8216;god mode&#8217; token miscreants could use \u2022 The Register"}]},{"@type":"WebSite","@id":"https:\/\/mailinvest.blog\/#website","url":"https:\/\/mailinvest.blog\/","name":"mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mailinvest.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mailinvest.blog\/#organization","name":"mailinvest","url":"https:\/\/mailinvest.blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","width":1000,"height":1000,"caption":"mailinvest"},"image":{"@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/freelanceracademic\/"]},{"@type":"Person","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4","name":"admin@mailinvest.blog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","caption":"admin@mailinvest.blog"},"sameAs":["https:\/\/mailinvest.blog","admin@mailinvest.blog"],"url":"https:\/\/mailinvest.blog\/index.php\/author\/adminmailinvest-blog\/"}]}},"_links":{"self":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/12461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/comments?post=12461"}],"version-history":[{"count":0,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/12461\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media\/9508"}],"wp:attachment":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media?parent=12461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/categories?post=12461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/tags?post=12461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}