
Symantec: Facebook Security Flaw Could Have Compromised User Information

The Huffington Post   First Posted: 05/11/11 12:37 AM ET Updated: 07/10/11 06:12 AM ET

Facebook App Leak

Symantec has published a report claiming that for several years nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users' profiles.

Symantec's report says that an app security flaw may have given advertisers and other third parties access to Facebook users' profiles, though a Facebook spokesperson said in a statement that there is "no evidence" of this occurring.

Writes Symantec:

We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Symantec compares these "access tokens" to spare keys that let apps interact with your profile.

For example, access tokens are often used if you'd like an app to automatically post game updates on your wall. You give apps permission to access certain parts of your profile, and the Facebook app functions according to those constraints.

According to Symantec's investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes, they'd be able to gain access to users' walls, profiles and more.
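The leak path described above, as an added illustration that is not from the article or from Symantec's report: a token placed in a page URL travels onward in the Referer header of every request that page makes to an advertising or analytics host. The Python below audits constructed web-server log lines from a hypothetical analytics pixel host for tokens arriving in the Referer field, and shows the app-host-side fix of stripping token parameters from a URL before it is used. The parameter names (`access_token`, `session_key`, `oauth_token`) are assumptions; the article names none.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names for token-bearing query parameters; the article names none.
TOKEN_PARAMS = {"access_token", "session_key", "oauth_token"}
TOKEN_RE = re.compile(
    r"\b(" + "|".join(sorted(TOKEN_PARAMS)) + r")=([^&\s\"]+)", re.IGNORECASE
)

# Constructed combined-log-format lines from a hypothetical analytics pixel
# host. The Referer field is the quoted URL after the status and size.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2011:12:00:01 +0000] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"https://apps.example.com/game/?access_token=EXAMPLE_TOKEN_1&page=home" "Mozilla/5.0"',
    '203.0.113.6 - - [10/May/2011:12:00:02 +0000] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"https://apps.example.com/game/?page=home" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2011:12:00:03 +0000] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"-" "Mozilla/5.0"',
]


def find_leaked_tokens(line):
    """Return (parameter, value) pairs for token-like parameters anywhere in
    a log line, whether in the request URL or in the Referer header."""
    return [(m.group(1).lower(), m.group(2)) for m in TOKEN_RE.finditer(line)]


def audit_log(lines):
    """Return the client IPs whose requests carried a token to this host.
    On a third-party host, any hit means a credential reached a party that
    should never have held it."""
    return [line.split(" ", 1)[0] for line in lines if find_leaked_tokens(line)]


def scrub_url(url):
    """Remove token-like query parameters (and any fragment) so the URL can
    be used as a Referer or handed to analytics without the credential.
    This is the app-host-side fix: keep the token out of the URL entirely."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in TOKEN_PARAMS]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


if __name__ == "__main__":
    for ip in audit_log(SAMPLE_LOG):
        print("token observed in request from", ip)
    print(scrub_url("https://apps.example.com/game/?access_token=EXAMPLE_TOKEN_1&page=home"))
```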

Facebook announced on Tuesday that the app flaw has been patched, but Symantec still recommends that Facebook users change their passwords immediately.

Unlike last year's controversy over apps allegedly selling personal data to third parties, Symantec says that this time around, many third-party developers may not have known that they had access to users' accounts.

Nevertheless, Kevin Purdy, Facebook's director of developer relations, stated that the use of this personal data would be a violation of Facebook's developer policies.

A Facebook spokesperson offered the following statement to the Huffington Post:

We appreciate Symantec raising this issue and we worked with them to address it immediately. Unfortunately, their resulting report has a few inaccuracies. Specifically, we've conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties. In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies. Finally, the change we announced today on our developer blog http://bit.ly/mebicS removes the outdated API referred to in Symantec's report.

Read Symantec's full report here.

09:00 PM on 05/12/2011
I am only writing to make you understand what a remarkable experience our princess undergone viewing your webblog. She picked up such a lot of things, with the inclusion of what it is like to possess an ideal teaching spirit to make the mediocre ones without difficulty fully grasp a variety of complicated matters. You actually did more than my desires. I appreciate you for delivering such great, dependable, edifying and also cool guidance on that topic to Evelyn.

I wait behind the visit ... http://www.buzatech.com < < < New Technology Information
04:12 AM on 05/12/2011
Facebook Spokesperson says there is "no evidence" of this occurring. Yet they announce the app flaw has been patched. Can you patch something you have no evidence of occurring?
Would Facebook be sued for failing to protect client information? I'm starting to worry about Facebook.
Or will they be sued for part of the revenues earned from the dissemination of the information?
cvbnm67
Pursuing truth, and all those who threaten it.
01:00 AM on 05/12/2011
This information was sold. Facebook has enough money to secure your data. Have you ever heard of a bank data breach? When was the last time Bank of America, Chase, Wells Fargo or HSBC lost data or had their information hacked? Never, because it is not that hard to keep it secure. Banks have the information advertisers would kill for and they can't get it. So, next time you hear "data breach" think "data sold." Remember, once your information is claimed lost, stolen or hacked, the reporting company will have no qualms about selling it to the highest bidder, because it is already out in cyberspace.
06:00 PM on 05/11/2011
Facebook made from NSA algorithms.

http://www.youtube.com/watch?v=NmuyfaDgX6w
apathyman
Let them hate, so long as they fear
05:13 PM on 05/11/2011
Facebook is unlikely to allow any apps to "mistakenly access your info" mainly because they want to sell it themselves.
04:57 PM on 05/11/2011
Leaked, or just sold. These boys were the most intelligent in the world, how can something leak there?
Todd Behrmann
04:01 PM on 05/11/2011
And this would explain the "OMG can't believe she did that..." and similar types of spam.
03:46 PM on 05/11/2011
I couldn't find the underage part, but the Today show just featured an 11-year-old whose friends had hacked her account and posted nude pictures. Not one adult questioned the fact that she was underage to begin with.

FB is maddening, now even our local art guild has a sign: "Like us on FB!" It's sickening!
oldngrumpy
My micro-bio is no longer empty
12:48 PM on 05/11/2011
If you are posting your "real" contact information anywhere on the net, don't whine about being compromised. Throwaway e-mail accounts are free and you can link them to other accounts without leaving a trail to follow if you don't want to take the time to check the throwaway account. Use these accounts to register for FB and any other site and then make sure that there is no info posted that could be traced back to your actual identity anywhere else.

If you have to share personal info with someone on FB, do it in the chat or messaging, not on your page. You can clear those and they are only seen by you and the person you are communicating with at that time. Every app that you accept (all those hearts and smileys, etc.) has access to all your friends' info, as well as your own, so consider their security as well when accepting. I am appalled when I see that my grandchildren's schools have a FB account and "friend" all their students. A simple Google search for a school narrows down a pedophile's search to find a child's physical address. Schools should be encouraged to cancel their accounts with these social network sites immediately.
12:19 PM on 05/11/2011
Inadvertently? LOL, LOL, LOL!!!
03:06 PM on 05/11/2011
Facebook mines your address book and sells it to spammers.
Rokgoo
looking for the right side of the left
12:11 PM on 05/11/2011
Although Facebook is very easy-going with the security of its code, which results in the thousands of spams and hacks you see every day on Facebook, Symantec, with its nasty products like the Norton Antivirus program, which just makes the operating system unusable, is the last one who should talk about such things.
PenguinLinux
got root ?
12:23 PM on 05/11/2011
Windows itself is unstable. No AV needed to cause that.
Rokgoo
looking for the right side of the left
03:25 PM on 05/11/2011
You missed the point.
03:05 PM on 05/11/2011
Change to a Linux OS, which does not get viruses.
Rokgoo
looking for the right side of the left
03:25 PM on 05/11/2011
You missed the point too.
11:54 AM on 05/11/2011
Yet I've had no problems since I've joined FB.
PenguinLinux
got root ?
11:55 AM on 05/11/2011
...that you are aware of.
12:30 PM on 05/11/2011
I'm on FB daily. I'm aware. Then again there's nothing of value to steal, hence I don't put personal info on my account...
jonester
Politics: whining and compromises
12:41 PM on 05/11/2011
Very true. The advertisers are probably using account info and status updates to create more relevant ads across the web.
PenguinLinux
got root ?
11:35 AM on 05/11/2011
Facebook is to security as olestra is to food. Both cause major leakage.
tlcpro
Work is not work when you love what you do.
11:32 AM on 05/11/2011
Yet another reason I don't use Facebook. Other than the fact that my experience has been that of an online meat market, I value my privacy and since they can't seem to get secure, I am glad I closed my account there. I suggest that others do the same. They are making money hand over fist by selling our information. I'm not buying the accidental leak story.
06:02 PM on 05/11/2011
I don't use Facebook, either, for the same reasons given above. If more people had the will power to do the same, Facebook would change its nefarious ways.
11:28 AM on 05/11/2011
way back when before social media was a "thing" that everyone and their mother wanted to exploit, it was a given notion that the entire idea was to share with people...
so more sharing than was anticipated occurred...
before facebook and the twitter were "household names", there were users who just wanted to share...
now that there is big money involved, people want to whine that they have shared too much...
like all internet communications activities, these things evolve...
if your wall or profile has been compromised, change your password...
if not then be grateful that your interests did not stray to one of these less than app developers
tlcpro
Work is not work when you love what you do.
11:34 AM on 05/11/2011
Be safe; close your account. If a married woman doesn't feel safe there, no one should be letting their kids use the service. I can't tell you how often I was sexually harassed on Facebook.