No Privacy: Facebook User Pages Exposed To ‘3rd Parties’

X

Security experts Symantec has discovered a glitch in Facebook’s settings which allows advertisers access users private pages.

  The Social Network has accidently leaked ‘tokens’ to third parties which allowed them look at users profiles, pictures, chat and other private data , according to Nishant Doshi, from Symantec.

Doshi and colleague Candid Wueest first discovered the leak, and over the past 3 years hundreds of thousands of applications uploaded may have inadvertently leaked millions of access tokens to third parties.

The ‘tokens’ generally act as a backup method of accessing information and were leaked when uploading new web applications like games onto its platform.

20 million such apps are uploaded daily, and the breach is said to have been taking place since 2007.

“Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information” said Doshi in a blog.

“We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.”

However, luckily, the third-parties which includes ‘advertisers and analytic platforms’ may not have realized their ability to access this information.

 

“We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue,” Symantec confirmed. “Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc,” according to the blog.

Facebook also admitted the error, and have notified changes on their end to prevent such leakages from reoccurring.

Acer Predator 728x90 1 No Privacy: Facebook User Pages Exposed To 3rd Parties
Belkin Better Together 728x90 1 No Privacy: Facebook User Pages Exposed To 3rd Parties
211112 4Square Banner Narrow TWE3B 2 No Privacy: Facebook User Pages Exposed To 3rd Parties
TECHNICS AZ60 LEADERBOARD 728X90 V5 No Privacy: Facebook User Pages Exposed To 3rd Parties
PI SL Gold Aqipa 4SQM Banner Ads Leaderboard 728x90px ANZ v2 No Privacy: Facebook User Pages Exposed To 3rd Parties
SOUL S GEAR 4SQM banner 728x90px No Privacy: Facebook User Pages Exposed To 3rd Parties
CUST CRICKET FY22 Sport Cricket Q2 V1 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
LETWSBBK WBAN LB 728x90 1 No Privacy: Facebook User Pages Exposed To 3rd Parties
720x90 No Privacy: Facebook User Pages Exposed To 3rd Parties


YOU MAY ALSO LIKE