Facebook profile access ‘leaked’, claim security firm

Facebook’s security, particularly in relation to third-party apps, has been brough into question again this week. It was discovered by security firm Symantec that some programs were inadvertently sharing access tokens, which could in theory be used by advertisers. As of last month, up to 100,000 applications were still enabling leaks.

The access tokens are essentially ‘spare keys’ to a Facebook user’s account. These ‘keys’ will typically be given out, with the user’s permission, to aid applications on the Facebook platform junction. Normally, applications with the keys could access a user’s profile and photographs, as well as posting messages on their wall – for example when you complete a quiz or get a high score on a game which is a Facebook app, it will post on your wall with the results.

However, the newly-discovered weakness in the old authentication method would allow millions of access tokens to be passed to further third-parties – likely to include advertisers – through referral data. However Symantec’s Nishant Doshi downplayed the risk, adding: “Fortunately, these third-parties may not have realised their ability to access this information.”

Kevin Purdy, Facebook’s director of developer relations disputed the findings. He said: “We’ve conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorised third parties.”

To further ease user anxiety, Paul Mutton, a security analyst at Netcraft, said that while the vulnerability could potentially be used for malicious purposes, no secure data such as passwords has been taken.

About Andrew Robertson

I'm Andrew, I work as the Social Media & Marketing Assistant at SocialSafe. I've been writing blogs on here for over two years now, so you'll find pieces from me about anything relating to social media and tech, as well as the changing face of personal data. There's also room for the occasional post on some slightly off topics stories... just for the sake of variety!!

One thought on “Facebook profile access ‘leaked’, claim security firm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s