This might come as a surprise to many but the social media giant, Facebook, has a security flaw that is being exploited to generate millions of fake likes and comments.
A team of researchers has found that almost 1 million real and fake accounts joined a “collusion network” in a bid to get more than 100 million fake comments and likes. For those who are wondering, the team that conducted the research includes Fareed Zaffar of LUMS, Shehroze Farooqi and Zubair Shafiq from The University of Iowa, and Nektarios Leontiadis from Facebook.
Posts on the social media platform that experience most traction are the ones that get most likes, comments, and shares. However, Pakistani researchers reveal that “likes” on Facebook, can be obtained by exploiting the security flaw.
Previously, the social media giant had been criticized for promoting fake news, which had an adverse impact on the company’s users. Also, the company recently admitted that it sold over $100,000 worth of ads to fake Russian accounts during the 2016 US presidential election.
Keeping that in mind, it seems that the company will attract negative reaction from users for its security flaws. Adding to that, the team states that they uncovered “a thriving ecosystem of large-scale reputation manipulation services on Facebook that leverage the principle of collusion. Collusion networks collect OAuth access tokens from colluding members and abuse them to provide fake likes or comments to their members.”
It is pertinent to note that it’s not easy to track “collusion network” as they contain different accounts that form an alliance and benefit each other by liking and commenting on each other’s post. These colluding accounts exploit third party apps that are linked with Facebook to retrieve their OAuth access tokens. These tokens can be used to access users’ accounts, which can then be used in the collusion network.
In any case, this is the first team to point out the abuse of OAuth access tokens. Also, the research team has partnered up with Facebook in order to solve this problem.