Facebook Applications Data Leakage Prompts Symantec Researchers To State: Change Your Facebook Password Now.

Tweet

Share

Tweet

Symantec researchers issued a statement yesterday informing Facebook users to change their Facebook login password immediately. Apparently they have uncovered a Facebook bug which was able to provide 3rd party access to Facebook users’ accounts.

They estimate that as of April 2011, close to 100,000 Facebook applications were leaking what they call “Access token's" to 3rd party advertisers.

Quote Via Symantec

"Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of you the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc."

Facebook took corrective action to help eliminate this issue once Symantec notified them of it, however there is no possible way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007. Because of this, Symantec fears that a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.

Symantec states that concerned Facebook users should change their Facebook passwords immediately to invalidate the leaked access tokens. Changing your Facebook password makes the leaked access tokens invalid and is equivalent to “changing the lock” on your Facebook profile.

How To Change Your Facebook Password:

1. From your Facebook home page click "Account", Then "Account Settings".
2. On the "My Account" page, In the "Settings" tab, scroll down to the heading "Password" and click the "Change" Link to the right of that heading.
3. Once you've typed in your old password and then your new password twice, simply click the "Change Password" button and you are done. (Please remember not to make your password easy to guess or to  make the same as you have on other web accounts.)

To read more about the issue, please visit the links below.

Facebook Applications Accidentally Leaking Access to Third Parties
http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties

Symantec: Facebook Security Flaw Could Have Compromised User Information
http://www.huffingtonpost.com/2011/05/10/facebook-app s-flaw-leak-profile-access_n_860278.html

About Black Knight

I am a computer repair technician with over 15 years experience and have been computer security and information privacy enthusiast for the last 4 years. I've helped literally thousands of individuals fix their issues by offering help through various blogs and Facebook pages. I like teaching myself and others new things, and believe in freely sharing knowledge.