Trouble Thinking

May 11, 2011

Facebook App Security Hole Allows Anyone Who Cares To See Your Personal Data… For Going on Four Years.

Filed under: The Internet — Durandal @ 12:59 pm

So, let me just say that I am a slightly paranoid … let’s say “thing” because I’m not giving you fucking vampires anything to go on.

There’s a reason that my name is Durandal on here instead of Richard Dean Anderson, and that’s to keep my identity out of the hands of the thronging hordes that are trying to take it from me. It’s not an entirely rational position, I’ll admit.

But for fuck’s sake, people. Is Facebook really so incredible that having every single personal detail leaked every month or two is worth sticking with it? Text your friends or something, store your photos on Flickr. Stop acting like you’ll ever contact that bitch from high school, you guys only added each other because you were both in dance together and you feel obligated to pretend you liked your entire extended pre-college social group.

The latest lovely news on the privacy front from Facebook comes from the security firm Symantec, revealing that a loophole in the way applications on Facebook work means that hundreds of thousands, if not millions, of “keys” that allow you to access a user’s private information, post to their wall, and view photos, were handed out to advertisers and search engine bots. According to Symantec:

Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.

So think long and hard about whether or not Farmville is so fun that it’s worth having your contact information and drunk party pictures accessible to anyone who puts a bit of effort into finding some of these things.

At the very least, change your password to invalidate this shit. According to Symantec:

There is no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers. Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile.
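
For anyone running one of those third-party servers, here is a sketch of finding leaked tokens in access logs and scrubbing them. It is an added example, not code from Symantec's report or from this post; it assumes the token shows up as an `access_token` parameter in a logged request URL or Referer, and the log lines, hosts and token values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: tokens travel as an "access_token" parameter in a URL query or fragment.
TOKEN_PARAM = "access_token"
# Combined Log Format: request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Matches the parameter wherever it appears in a raw line, for redaction.
TOKEN_RE = re.compile(r'(?<![A-Za-z0-9_])(access_token=)[^&#\s"]+')

def tokens_in(url):
    """Return access_token values found in a URL's query string or fragment."""
    parts = urlsplit(url)
    found = []
    for component in (parts.query, parts.fragment):
        found += [v for k, v in parse_qsl(component) if k == TOKEN_PARAM]
    return found

def scan(lines):
    """Return (findings, redacted_lines); findings are (line_no, field) pairs."""
    findings, redacted = [], []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m:
            for field in ("target", "referer"):
                if tokens_in(m.group(field)):
                    findings.append((no, field))
        # Redact on the raw line so unparseable entries are scrubbed too.
        redacted.append(TOKEN_RE.sub(r"\1[REDACTED]", line))
    return findings, redacted

# Constructed sample lines (hosts, paths and token values are made up).
SAMPLE = [
    '203.0.113.7 - - [11/May/2011:12:59:00 +0000] "GET /ad.js HTTP/1.1" 200 512 '
    '"http://apps.example/canvas?access_token=CONSTRUCTED_TOKEN_1&x=1" "Mozilla/5.0"',
    '203.0.113.8 - - [11/May/2011:13:00:00 +0000] '
    '"GET /pixel.gif?access_token=CONSTRUCTED_TOKEN_2 HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/May/2011:13:01:00 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    findings, redacted = scan(SAMPLE)
    for no, field in findings:
        print(f"line {no}: token in {field}")
    print("\n".join(redacted))
```

A hit in the `referer` field means the token arrived from another site's page URL, while a hit in `target` means it was sent to this server directly; either way the redacted lines are what should be kept on disk.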


  1. Hmm… I’ve made it a policy to not touch any Facebook application for the last few years but I did some quizzes in the past. This is good to know, changing my password.

    Comment by taekwondogirl — May 20, 2011 @ 3:58 pm

  2. We’ve be shown a very few perfect material right here. Surely importance bookmarking intended for returning to. I wonder simply how much try you set to generate such a superb educational web site.

    Comment by Facebook Application Free,Facebook Applications — October 17, 2013 @ 6:01 pm
