Symantec Warns Certain Facebook Apps Are Leaking Info to Third Parties

By

It looks like some personal information has yet again been exposed, but this time it’s not all on Sony’s network.

Antivirus software company Symantec says a programming bug on Facebook may have mistakenly given advertisers, and others, a chance to scan the personal information of those using certain apps.

Nearly 100,000 Facebook applications have been inadvertently handing advertisers and online analytics companies, “access tokens,” strings of numbers and letters that can be used by a browser to access Facebook accounts online. The leaks were made via URLs that third parties received, according to a report in PCWorld.

Essentially, Facebook users have been sold out by their applications.

During the application installation process, the application requests the user to grant permissions to these actions. Upon granting these permissions, the application gets an access token.

By default, most access tokens expire after a short time, however the application can request offline access tokens which allow them to use these tokens until a user changes his or her password, even when not logged in.

“Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.,” said Symantec in a blog post.

Information that may have been accessed includes profiles, photographs and chat. The access also had the ability to post messages and personal information.

“Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue," Symantec said.

"Unfortunately, Symantec's resulting report has a few inaccuracies," Facebook spokeswoman Malorie Lucich said in a statement. "Specifically, we have conducted a thorough investigation that revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties."

Lucich said the report also ignores the contractual obligations of advertisers and developers that prohibit them from obtaining or sharing user information in a way that "violates our policies.”

The remedy is plain and simple – just close this potential security hole for good by changing your password, as that will automatically revoke all previously issued keys.



Michelle Amodio is a TechZone360 contributor. She has helped promote companies and groups in all industries, from technology to banking to professional roller derby. She holds a bachelor's degree in Writing from Endicott College and currently works in marketing, journalism, and public relations as a freelancer.

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More