ANZ Dashboard DigestCanada Dashboard DigestDaily Dashboard

App Glitch Allowed Fourth-Party Access to Accounts

ONLINE PRIVACY

May 11, 2011

A security firm has exposed a Facebook vulnerability that allowed third-party applications to share "access tokens" with advertisers and analytics companies, giving them access to users' accounts--including the ability to post information, read wall posts, access friends' profiles and mine personal information, reports The Wall Street Journal. The vulnerability has existed for years and likely affected about 100,000 apps, according to Symantec, which also said it's possible the third parties didn't know they had this ability. Symantec alerted Facebook to the vulnerability in April and the company has since addressed the problem and conducted an investigation that revealed "no evidence of this issue resulting in a user's private information being shared with unauthorized third parties," said a Facebook spokeswoman. (Registration may be required to access this story.)
Full Story