Originally posted by ndmmxiaomayi:
It's either done via XSS (IFRAME is allowed in Friendster), or their computers were already compromised before the hack.
Since most users use IE, it loads the IFRAME, allowing XSS to take place, steal passwords and edit the profile, all without the users realizing.
Those using IE-based browsers are affected as well, like Maxthon and Avant.
The likelihood of a computer that's already compromised to do the hack is quite low, since it affects a lot of people. On such a large scale, there must be something that's vulnerable enough.
I use FF, comp won't be affected, right?