
Clickjacking Vulnerabilities Expose User Data from Amazon, Google, Live and Yahoo!

Posted: January 4, 2013

Several popular services, including Google, Amazon, Yahoo! and Live, could be leveraged by cybercrooks to collect user data through clickjacking flaws.

Given that websites already use their own means to collect data on visitors, it does not take much effort on the part of hackers to exploit additional information gathered as a result of a vulnerability or exploitation. New and creative clickjacking methods take data harvesting to a new level. In fact, security researcher Luca De Fulgentis has uncovered recent cases where clickjacking was used to extract user information within support.google.com and other large services despite the security mechanisms these services have put in place.

Clickjacking has been an emerging phenomenon in the hacker world, in which cybercrooks use a malicious technique to trick web surfers into clicking on something different from what they perceive, so that they unknowingly reveal personal information. In the case of large services such as Google, Microsoft's Live, Yahoo! and Amazon, De Fulgentis found a vulnerability within certain websites that could allow clickjacking schemes to take place, registering clicks the user did not knowingly make. These clicks would then make it easy to collect user data within these services.

Case in point: the videos below, published by De Fulgentis, show a short demonstration of how the clickjacking takes place through a user interface redressing vulnerability on an Amazon page and a Google Support page.

Clickjacking scams continue to be a burden for many legitimate entities online. The fact that many of these vulnerable pages belong to companies that make a point of putting preventative mechanisms in place for these issues goes to show how effective clickjacking schemes can turn out to be. Let the demonstration videos above be a cautionary tale the next time you click on something and get an unexpected action.
