CSRF Vulnerability Allowed Attackers To See Sensitive Data of Grammarly’s Customers

19 January 2018

In the early days of the internet, privacy was easier to maintain. If a website prompted you to enter your real name when registering, you had two choices. Either you would leave instantly or you would provide a fake name if access to the website was important to you.

Generally, you were careful about when and where you used your real name online. Websites were lacking JavaScript, and every personal homepage had at least one colorful gif of a dancing animal.

The Personal Data Problem on the Internet

Now, if you try to register on one of the most popular sites on the internet with a fake name, you get instantly banned (see ‘Facebook real-name policy controversy‘). Messenger apps on your phone upload your whole address book to servers abroad. Many websites ask you for your name, email address, age, and gender just to show you an article about a topic of interest.

Read full news article on Dzone

Date:

19 January 2018

Categorie(s):

NEWS

Tag(s):

CSRF, Customers, Data, Security Pro, Vulnerability

7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike27 April 2024
AI Helps Improve About Managed Detection and Response26 April 2024
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland – SWN #38126 April 2024
Impact of organizational structure on ransomware outcomes: Where does your org fit in?26 April 2024
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets26 April 2024