No Privacy: Facebook User Pages Exposed To ‘3rd Parties’

X

Security experts Symantec has discovered a glitch in Facebook’s settings which allows advertisers access users private pages.

  The Social Network has accidently leaked ‘tokens’ to third parties which allowed them look at users profiles, pictures, chat and other private data , according to Nishant Doshi, from Symantec.

Doshi and colleague Candid Wueest first discovered the leak, and over the past 3 years hundreds of thousands of applications uploaded may have inadvertently leaked millions of access tokens to third parties.

The ‘tokens’ generally act as a backup method of accessing information and were leaked when uploading new web applications like games onto its platform.

20 million such apps are uploaded daily, and the breach is said to have been taking place since 2007.

“Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information” said Doshi in a blog.

“We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.”

However, luckily, the third-parties which includes ‘advertisers and analytic platforms’ may not have realized their ability to access this information.

 

“We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue,” Symantec confirmed. “Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc,” according to the blog.

Facebook also admitted the error, and have notified changes on their end to prevent such leakages from reoccurring.

Olimpia Splendid Unico Cooling 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
Frame 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
en us WD Black Banners Portfolio 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
720 x 97 1 No Privacy: Facebook User Pages Exposed To 3rd Parties
Banner Shyla 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
Uniden PRO 728 x 90 No Privacy: Facebook User Pages Exposed To 3rd Parties
728x90 7 No Privacy: Facebook User Pages Exposed To 3rd Parties
2231 NEXUS 4SQM Digital Banner Ads Leaderboard 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties
4Squre Ads 07 728x90 1 No Privacy: Facebook User Pages Exposed To 3rd Parties
LG HE FN Series Banners 4SQM LB 728x90 No Privacy: Facebook User Pages Exposed To 3rd Parties


YOU MAY ALSO LIKE