May 11, 2011

Facebook Apps - Leaking Your Profile to Third Parties

Getty Images
Not that I'm really shocked by any of this, but Symantec says Facebook apps are giving third parties access to your profile. That Farmville request doesn't look so benign and innocent now, does it?

Who are these third parties, exactly? Advertisers? No way. Apparently, they've had access to your profile, photos, chat,
and have even had the ability to post messages while gathering your information like a data goldmine that can be harvested for future spam. Yay.

The privacy hole occurs within 100,000 Facebook applications. How does it happen? When you decide to install an app, you often grant permission for the apps to do certain things, creating an access “token.”

These tokens have been getting leaked through Facebook's framework, but if you're highly, highly paranoid about your information being seen, Symantec notes that you can just change your password to invalidate leaked access tokens.

Luckily, Symantec notes that even these third parties may not have even have realized they have access, or were even aware about the exploit. Thankfully, Symantec's sent the information off to Facebook so that the company can take “corrective action to help eliminate this issue.”

Thanks Symantec! I'll just change my Facebook password. Oh wait, I've got to check in with FourSquare and tweet every passing second of my life today. (Come on, guys.)

(via Symantec)