Search⌘ K
Home
Courses
Grokking the Product Architecture Interview

Facebook and Uber APIs Failure

Explore the causes and consequences of API failures at Facebook and Uber in 2018, focusing on vulnerabilities like excessive data exposure and weak authentication. Learn strategies used to mitigate these risks, including securing endpoints and limiting data returned to unauthorized users, to build more secure API designs.

We'll cover the following...

APIs can become vulnerable, allowing hackers to take over the control of the system. This can be a root cause of API failure. The big tech companies have always been the target of hackers trying to access the data of millions of users. This lesson discusses events that occurred in recent years with Facebook and Uber because both companies had similar security vulnerabilities.

Facebook API failure

In 2018, Facebook discovered a massive data breach of 50 millionSee: https://about.fb.com/news/2018/09/security-update/ (the claim was later modified to about 87 million) accounts. The hackers used the video upload functionality created in 2017 by Facebook for the data breach. A feature called "View as" in users' profiles lets users see how their profile looks to other users. It also lets users customize it to see their profile through a specific user’s perspective through "View as."

How did it happen?

A vulnerability in Facebook's code impacted the "View as" feature by generating access tokens for Facebook ...