Facebook Profile Access Leaked

Almost everyone has heard about social networking site Facebook; however reports have revealed that thousands of Facebook accounts may have been leaked because of a flaw in some of the Facebook applications.

Symantec the security firm discovered that programs were inadvertently sharing access tokens which were what the advertisers could use. Although Facebook stated that all of their authentication methods were being worked on and improved further investigation found that an estimated 100,000 applications and more enabling leaks as of last month.

The way to look at this is to imagine a set of spare keys; these are the tokens that give access to a Facebook user’s account. When given out with the user’s permission the applications on the Facebook platform are able to perform meaning that there is access to the user’s profile, photographs, videos as well as being able to post messages onto their wall.

Old authentication methods would allow, through referral data “spare keys” to be passed onto third parties who would be inclusive of advertisers and over the years this may have resulted in millions of leaked access tokens being handed over to third parties.

However, before everyone gets into a panic about it all because this has not long become apparent it would seem that third parties may have not even realised that they could access this information. Any new applications are now required to authenticate using OAuth 2.0 which is used by several sites inclusive of Google and Twitter.

This has not yet been made compulsory and so Symantec have advised that if users are worried then please change your passwords and then there will be no spare keys to access their profile.

Socials are becoming the up and coming thing for online businesses. Brick technology web design can integrate these into your website linking them all together. Through our internet marketing team we can effectively manage these for you and even get referrals to your website.

For more information then please contact us on 01254 277190 or email info@brickweb.co.uk.

Posted in Blog on