A report was recently published claiming that nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users’ profiles. Symantec released the report and said that an app security flaw may have given apps and other third parties access to users’ profiles. Facebook maintains that they have no evidence of this occurring.
In their report, Symantec wrote:
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
These “access tokens” help apps interact with your profile. They are most often used to post updates from the application to your wall. When you add the applications to your profile, you, as the Facebook user, are giving the apps access to your information by accepting their conditions. According to the investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes (meaning they have to be qualified to read and write HTML code), they could gain access to the user’s wall and profile.
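For application owners, the leak path described above can be checked in their own request logs. The following is an added example, not code from Symantec, Facebook, or the original post: it flags outbound requests that carry a token to a third-party host and redacts the value. It assumes the token travels in a parameter named access_token (the OAuth 2.0 name) and that each log record holds the request URL and Referer header; the hosts, record layout and token values are constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: tokens travel in parameters with these names.
TOKEN_PARAMS = {"access_token"}
REDACTED = "REDACTED"
FIRST_PARTY = {"app.example"}  # constructed first-party domain

def _scrub(component):
    """Redact token parameters in a query string or fragment; return (text, found)."""
    pairs = parse_qsl(component, keep_blank_values=True)
    found = any(k.lower() in TOKEN_PARAMS for k, _ in pairs)
    if not found:
        return component, False
    cleaned = [(k, REDACTED if k.lower() in TOKEN_PARAMS else v) for k, v in pairs]
    return urlencode(cleaned), True

def redact_url(url):
    """Return (url_with_tokens_redacted, token_was_present)."""
    parts = urlsplit(url)
    query, in_query = _scrub(parts.query)
    fragment, in_fragment = _scrub(parts.fragment)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, fragment)), in_query or in_fragment

def is_third_party(host, first_party):
    """True when host is neither a first-party domain nor one of its subdomains."""
    host = (host or "").lower()
    return not any(host == d or host.endswith("." + d) for d in first_party)

def audit(requests, first_party):
    """Flag outbound requests whose URL or Referer carries a token to a third-party host."""
    findings = []
    for req in requests:
        dest = urlsplit(req["url"]).hostname
        if not is_third_party(dest, first_party):
            continue
        for field in ("url", "referer"):
            clean, leaked = redact_url(req.get(field) or "")
            if leaked:
                findings.append({"dest": dest, "field": field, "redacted": clean})
    return findings

# Constructed sample records; hosts and token values are made up.
SAMPLE = [
    {"url": "https://app.example/canvas?access_token=AAA111&lang=en", "referer": ""},
    {"url": "https://ads.example.net/pixel.gif?id=7",
     "referer": "https://app.example/canvas?access_token=AAA111&lang=en"},
    {"url": "https://stats.example.org/t?u=1#access_token=BBB222", "referer": "https://app.example/home"},
    {"url": "https://cdn.app.example/logo.png", "referer": "https://app.example/canvas?access_token=AAA111"},
]
```

Calling audit(SAMPLE, FIRST_PARTY) reports the ad pixel request (token in the Referer) and the analytics request (token in the URL fragment), and skips the two first-party requests.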
It was announced on Tuesday that the flaw has been fixed by Facebook, but I still recommend that you change your password. And don’t just change it every time Facebook experiences a breach, but every few months. By keeping all of your passwords current and original, you are decreasing the chances that you will be hacked and that your accounts (financial, social, and otherwise) will be compromised.
John Sileo is one of America’s leading Social Networking Security Speakers. You can learn more about Facebook Safety and how to protect yourself online here. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.