A number of data-scraping groups have been using the Facebook link preview feature to scrape data from internet sites which disguised as Facebook’s content crawler. They are using a technique which consists of utilising Facebooks developer accounts in order to place calls to Facebook or Facebook’s Messenger API servers requesting a link preview for pages a group wanted to scrape. Facebook then fetch the data, assemble it in a link preview, and send it to the data scrapers as an API response. The data is then ready to be inputted into the scrapper’s databases. This technique has been especially efficient as most website operators now allow Facebook servers to crawl their sites, with Facebook using the collected data for legitimate purposes, either as link previews on the social network, Facebook Messenger, Instagram or WhatsApp.
The post Facebook’s link preview feature abused for website-scraping scheme appeared first on IT Security Guru.