Symantec: Facebook accidentally leaked your data

email article email article print article print article tip @techmeme

In yet another case of online security being breached, US computer security firm Symantec has said that Facebook accidentally left a door open for advertisers to access profiles, pictures, chat and other private data from the social network.

The California based social-network said that there was no evidence anyone stepped through that door and swiped any information from the accounts of its more than 500 million members.

Symantec discovered that certain Facebook applications leaked tokens that essentially act as “spare keys” for accessing profiles, reading messages, posting to walls or other actions. Facebook applications are Web software programs that are integrated onto the leading online social network’s platform.

Symantec said that 20 million Facebook applications, such as games, are installed every day.

“We appreciate Symantec raising this issue and we worked with them to address it immediately,” Facebook said in response to inquiries. The tokens were being leaked to third-party applications including advertisers and analytics platforms, allowing them to post messages or mine personal information from profiles, according to Nishant Doshi of Symantec.

“Fortunately, these third-parties may not have realized their ability to access this information,” Doshi said in a blog post. “We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue.”

Symantec estimated that as of April, nearly 100,000 applications were giving away keys to Facebook profiles. “We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,” Doshi said.

Facebook confirmed the problem, which was discovered by Doshi and Symantec colleague Candid Wueest. But Facebook said the Symantec report had a few “inaccuracies.”

There was no evidence that the problem resulted in private information being gleaned from Facebook members’ accounts. Facebook continued, “In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies.”

There was no reliable estimate of how many tokens have been leaked since the release of Facebook applications in 2007. Despite whatever fix Facebook has put in place, token data may still be stored in files on third-party computers, Symantec warned.

“Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens,” Doshi said. “Changing the password invalidates these tokens and is equivalent to ‘changing the lock’ on your Facebook profile.”

email article email article print article print article

Related Articles on the Web

Related articles

Topics for this article


Share
  • BURN MEDIA TV

    WATCH THE LATEST EPISODE NOW
    Latest Episode
    How to unlock 3 awesome hidden tricks in Google Maps

MORE HEADLINES

news

VIEW MORE

interviews

VIEW MORE

future trends

VIEW MORE

entrepreneurship

VIEW MORE

social media

VIEW MORE

facebook

VIEW MORE

twitter

VIEW MORE

google

VIEW MORE

advertising & marketing

VIEW MORE

online media

VIEW MORE

design

VIEW MORE

mobile

VIEW MORE

More in Facebook, News

Management must man up for cloud to succeed

Read More »
Link