Security experts Symantec said this week it discovered a glitch in Facebook's settings which allowed advertisers and other analytic platforms to access users' pages on 'private' settings.
The Social Network accidentally leaked 'tokens' to third parties, which allowed them to look at users' profiles, pictures, chat and other private data.
Read No Privacy: Facebook User Pages Exposed To '3rd Parties' here.
However, there's more to come, says Ty Miller, Chief Technology Officer from Pure Hacking, who told ChannelNews that social networking sites frequently fall prey to weak access controls, so it's no surprise the breach took place.
"Access controls are a major security concern in all online applications, and are commonly found in our web application penetration test reports."
"During our web application penetration tests we find that complex web applications, such as social networking sites, often contain serious vulnerabilities such as weak access controls."
"This won't be the last access control issue found with Facebook," he warned.
Such system 'vulnerabilities' can result in anything from information disclosure through to full account compromise.
Facebook have stated that "most access tokens expire in two hours"; however, this doesn't hold much ground when an attack can be automated to run every two hours.