Facebook apps accidentally leak personal data, Symantec says

According to security firm Symantec, some advertisers on Facebook may have had access to your person profile, photographs and chats thanks to a security leak that was enabled by close to 100,000 Facebook applications. Thankfully, Symantec doesn’t think the advertisers ever knew that they had access to the personal data, and Facebook has already “taken corrective action to help eliminate this issue.” Symantec said that Facebook IFRAME applications were leaking “access tokens” — think of them as “spare keys” — that are granted to Facebook applications. While Facebook now uses OAUTH2.0 for authenticating users, hundreds of thousands of older applications still use a different authentication method. “There’s no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007,” the report said, but Symantec thinks some may still be available through log files in third-party servers. Symantec advises Facebook users to change their passwords to invalidate those floating access tokens.

[Via The Huffington Post]

Read

blog comments powered by Disqus