Black Friday Is Almost Here!
The Inventory team is rounding up deals you don’t want to miss, now through Cyber Monday. Click here to browse!

100,000 Facebook Apps Have Been Accidentally Leaking Personal Data For Years

Symantec, a security company, has found that third party Facebook apps have accidentally had access to Facebook users' accounts for years. Specifically, they could see your profile, photographs, chat and also have the ability to post messages and mine personal information.

Um, that's not good at all. Luckily though, it seems like the third party apps weren't even aware they had access to all this information. But how the frak did this happen?

Advertisement

Symantec discovered that "Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms". Symantec termed access tokens as a sort of 'spare key' given to Facebook apps to let the app do certain things (read your wall, access profile, etc).

The problem was that Facebook leaked the access token "by sending a HTTP request containing the access tokens in the URL to the application host." These apps would then unknowingly pass on the URL, which contained user access tokens, to advertisers. Which means people you don't want to find out things about you, could have easily found out things about you.

Advertisement

Facebook, when notified by Symantec, has fixed the problem and Douglas Purdy, director of developer relations said:

We appreciate Symantec raising this issue and we worked with them to address it immediately. Unfortunately, their resulting report has some inaccuracies. Specifically, we've conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties. In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from sharing user information in a way that violates our policies.

Seems like Facebook dodged a humungous sized bullet there. If you still feel unsafe, it wouldn't hurt to change your password as that will kill off any of those remaining access tokens tied to your account. [Symantec via The Next Web]

Share This Story

Get our newsletter

DISCUSSION

funny i cant Like or Post this on fb