|
|
|
|
|
|
by iodiniemetra
2801 days ago
|
|
|
> there's no "View As" which will show you someone's search and location history Not in the UI, no. But once you have the token, which is what this was, then you can request that from many of the UI API interfaces facebook provides. When this first leaked, anyone who worked with auth systems immediately assumed it was a game over scenario. |
|
|
I had only followed general-consumption reports here, and hadn't seen that the attack involved obtaining a token that allowed the attacker to authenticate as the user, and I didn't realize that the API included support for pulling search history data. Given that, I understand much better why this was a disaster from the beginning, and why people are so mistrustful of the rolling "and also this..." disclosures.