{"id":45254,"date":"2022-02-12T00:28:46","date_gmt":"2022-02-12T00:28:46","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/"},"modified":"2022-02-12T00:28:46","modified_gmt":"2022-02-12T00:28:46","slug":"facebook-exposes-god-mode-token-that-could-siphon-data","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/","title":{"rendered":"Facebook exposes &#8216;god mode&#8217; token that could siphon data"},"content":{"rendered":"<p>Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users&#8217; Facebook data to potential theft.<\/p>\n<p>&#8220;If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user&#8217;s Facebook data,&#8221; explained Francois Marier, a security engineer at Brave, in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/brave\/extension-whitelist\/issues\/48\">a GitHub Issues post<\/a>. &#8220;The API used by the extension does not cause Facebook to show a permission prompt to the user before the application&#8217;s access token is issued.&#8221;<\/p>\n<p>However, the developer of the extension, Loc Mai, told <em>The Register<\/em> that his extension is not harvesting information \u2013 as the extension&#8217;s privacy policy states. The extension currently has around 700,000 users.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The extension does not collect the user&#8217;s data unless the user becomes a Premium user, and the only thing it collects is UID \u2013 which is unique to each person,&#8221; explained Mai.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Mai said the extension stores the token locally, under <code>localStorage.touch<\/code>. That presents <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/dev.to\/rdegges\/please-stop-using-local-storage-1i04\">a security risk<\/a> but isn&#8217;t indicative of wrongdoing. L.O.C. continues to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/chrome.google.com\/webstore\/detail\/loc\/eojdckfcadamkapabechhbnkleligand\">be available<\/a> through the Chrome Web Store.<\/p>\n<p>However, a malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thezedwards\">Zach Edwards<\/a> describes as &#8220;god mode.&#8221;<\/p>\n<h3 class=\"crosshead\"> <span>God mode<\/span><br \/>\n<\/h3>\n<p>In an email to <em>The Register<\/em>, Mai explained that Facebook&#8217;s Graph API requires a user&#8217;s access token to function. To obtain that token \u2013 so users of the extension can automate the processing of their own Facebook data, like downloading their messages \u2013 the extension sends a GET request to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/business.facebook.com\/creatorstudio\/home\">Creator Studio for Facebook<\/a>. The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.<\/p>\n<p>Mai elaborated on this in response to Brave&#8217;s GitHub post. &#8220;The access token is within the HTML of that page. Any Facebook user can really just go to <code>view-source:https:\/\/business.facebook.com\/creatorstudio\/home<\/code> and view the access token in there.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Edwards told <em>The Register<\/em>, &#8220;Facebook faced nearly an identical scandal in 2018 when 50 million Facebook accounts were scraped due to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nytimes.com\/2018\/09\/28\/technology\/facebook-hack-data-breach.html\">a token exposure<\/a>.&#8221; And yet Facebook appears to consider this data dispensing token to be a feature, not a bug.<\/p>\n<p>Mai provided <em>The Register<\/em> with a copy of the April 9, 2019 email he used to report a token disclosure issue at <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/m.facebook.com\/composer\/ocelot\/async_loader\/?publisher=feed\">a different endpoint<\/a> that enabled the same sort of data access. The response from Facebook security was, &#8220;In this case, the issue you&#8217;ve described is actually just intended functionality and therefore doesn&#8217;t qualify for a bounty.&#8221;<\/p>\n<p>&#8220;Facebook seems to have not learned their lesson from 2018 and is still exposing a plain text god mode token for every user, on a niche page that specific developers know about,&#8221; said Edwards. &#8220;Facebook calls this a feature, but when the first extension developer scrapes and steals data from countless pages and users, will that be when Facebook finally admits it&#8217;s a bug just like the 2018 problems?&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p><em>The Register<\/em> asked Facebook about the situation and about whether, as Edwards suggests, the company intends to revoke all the tokens obtained from its Creator Studio endpoint. We&#8217;ve not heard back.<\/p>\n<p>Mai said he made the extension to help friends who were thinking of quitting Facebook. The L.O.C. extension, which has more than 700,000 users, lets people download their Facebook conversations, change their post privacy settings, find and remove friends, and other functions.<\/p>\n<p>Mai said he has been banned from Facebook and added the company has contacted him to accuse him of transferring or sharing user data without consent \u2013 &#8220;I have never done this&#8221; \u2013 and of buying, selling, or exchanging site privileges such as likes, shares, and other aspects of engagement tracked by Facebook and Instagram \u2013 which he also denied.<\/p>\n<p>However, he said, he&#8217;d consider removing his extension &#8220;if Facebook was more reasonable with my Facebook account and Instagram account and if they provided me with better reasons why my extension is harmful for others.&#8221;<\/p>\n<p><em>The Register<\/em> asked Brave whether it intends to reconsider its ban of L.O.C. based on Mai&#8217;s explanation of what&#8217;s going on. A Brave spokesperson said, \u201cWe\u2019re working with the extension author on some changes to the extension so that it can be unblocked in Brave.\u201d.<\/p>\n<h3 class=\"crosshead\"> <span>Improper extensions still an issue<\/span><br \/>\n<\/h3>\n<p>Edwards said Facebook&#8217;s Terms of Service falls short here because while the company insists people use <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/developers.facebook.com\/docs\/development\/create-an-app\/\">its app platform<\/a>, it doesn&#8217;t prevent people from using browser extensions.<\/p>\n<p>And this gap that exposes user data is compounded by the way Chrome extensions currently work. As Edwards describes it, Chrome extensions can request permissions on one domain you control and on another you don&#8217;t, and then open a browser tab upon installation that creates an opportunity to scrape API tokens and session IDs for various different types of apps.<\/p>\n<p>&#8220;Facebook just happens to have a legacy web permission hardcoded into a page on their &#8216;creator studio&#8217; they built, which makes it possible for someone who controls one of these extensions to scrape hundreds of thousands of Facebook tokens, without ever signing up for the Facebook developer program and using the correct\/native Facebook app\/dev sharing features,&#8221; explained Edwards.<\/p>\n<p>&#8220;Basically, Facebook can&#8217;t &#8216;ban&#8217; an extension, even if Facebook knows the extension should not be allowed to request permissions on facebook.com and their own team thinks it&#8217;s malicious,&#8221; he added.<\/p>\n<p>&#8220;And currently, Google doesn&#8217;t want to acknowledge that the [Chrome App Store] is overrun with developers requesting permissions on two domains, one they control and one they don&#8217;t. This is the practice that just needs to stop as fast as possible or be acknowledged publicly by Google so they can explain any future fixes to prevent these problems.&#8221;<\/p>\n<p>Edwards said between the broad scope of Chrome extension permissions and the bewildering decision by Facebook to keep this &#8220;god mode&#8221; token embedded on a page for years after being altered to the problem, it&#8217;s a perfect storm for data theft. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/02\/12\/facebook_god_mode\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ban of Chrome extension by Brave reveals risk of potential API abuse at Meta Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users&#8217; Facebook data to potential theft.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-45254","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Facebook exposes &#039;god mode&#039; token that could siphon data 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Facebook exposes &#039;god mode&#039; token that could siphon data 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-12T00:28:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Facebook exposes &#8216;god mode&#8217; token that could siphon data\",\"datePublished\":\"2022-02-12T00:28:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/\"},\"wordCount\":1016,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/\",\"name\":\"Facebook exposes 'god mode' token that could siphon data 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-02-12T00:28:46+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-exposes-god-mode-token-that-could-siphon-data\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Facebook exposes &#8216;god mode&#8217; token that could siphon data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Facebook exposes 'god mode' token that could siphon data 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/","og_locale":"en_US","og_type":"article","og_title":"Facebook exposes 'god mode' token that could siphon data 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-12T00:28:46+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Facebook exposes &#8216;god mode&#8217; token that could siphon data","datePublished":"2022-02-12T00:28:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/"},"wordCount":1016,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/","url":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/","name":"Facebook exposes 'god mode' token that could siphon data 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-02-12T00:28:46+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YgcHIazOV4sAurnBWgJdEAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/facebook-exposes-god-mode-token-that-could-siphon-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Facebook exposes &#8216;god mode&#8217; token that could siphon data"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45254"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45254\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}