Facebook apps accidentally leaking access to third parties – change your Password now!

According to an investigation by Symantec, third parties (advertisers, analytic platforms, and other third parties), have accidentally had access to Facebook users’ accounts (profiles, pictures, chat,etc.) and also had the ability to post messages and mine personal information. However, these third-parties may not have realized their ability to access this information.

Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day.

Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.

Note: Symantec reported this issue to Facebook, who has taken corrective action to help eliminate this issue, however, Symantec advises Facebook users to change their passwords on Facebook in order protect their accounts from being mined.

Source: Symantec

Related Posts:

Stay in touch with Soft32

Soft32.com is a software free download website that provides:

121.218 programs and games that were downloaded 237.780.356 times by 402.775 members in our Soft32.com Community!

Get the latest software updates directly to your inbox