Flipkart.com
$1.99/mo Web Hosting
Save some Cold, Hard Cash! $7.49/yr domains

Wednesday, May 11, 2011

Facebook Applications Accidentally Leaking Access to Third Parties : Symantec

 Facebook users' personal information could have been accidentally leaked to third parties, in particular advertisers, over the past few years, according to Symantec Corp's official web blog.

Third-parties would have had access to personal information such as profiles, photographs and chat, and could have had the ability to post messages, Symantec's web blog said.

According to Symantec official blog

"Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day.
Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc."

The third-parties may not have realised their ability to access the information. The post also said they have already informed facebook about this leakage.


The blog also said Facebook, the world's largest social networking website, has taken steps to resolve the issue.

Facebook has recently announced an update to their Developer RoadMap. The details of this update can be found here: https://developers.facebook.com/blog/post/497 

You can read more about this from :
http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties
 

No comments:

Post a Comment