It’s 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction.
A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have been allowed attackers to hijack Facebook accounts by simply tricking the targeted users into clicking on a link.
The researcher, who goes by the online alias “Samm0uda,” discovered the vulnerability after he spotted a flawed endpoint that could have been exploited to bypass CSRF protections and takeover victim’s account.
All the attacker needs to do is trick the victims into clicking a specially crafted Facebook URL, as mentioned on his blog, designed to perform various actions like posting anything on their timeline, change or delete their profile picture, and even trick users into deleting their entire Facebook accounts.