Skip to main content

Facebook Gave Out Access to Millions of User Info

A security oversight on Facebook's part has potentially granted the access of millions of user accounts to third parties like advertisers and analytic platforms.

Specifically, the problem came from Facebook applications that are granted access to an account by the user. The application then has an access token that are like a set of spare keys into a Facebook account.

The token can grant access to wall posts, photographs, and most other areas of a profile. Symantec estimates that close to 100,000 applications were inadvertently allowing the access tokens to be leaked out to third parties.

Most access tokens have an expiry point, but some can request for offline access that allows it to operate until the user changes his or her password. Facebook says that it has already changed its system so that this sort of token leakage isn't possible anymore, but tokens already leaked still work.

It's another "oops" on Facebook's privacy record, but users can at least put a halt to further access by changing their password.

Read more at Symantec's blog.

    Was not the first, will not be the last time it happened. Do not store any private info on Facebook. Everything on internet is public.
  • nukem950
    And people say I should use facebook a lot more. They do not care about what people see or know about them. I kinda do.
  • NuclearShadow
    CTPAHHIKWas not the first, will not be the last time it happened. Do not store any private info on Facebook. Everything on internet is public.
    This is unfortunately true. People have no idea how public their info really is. Even worse how just a small amount of info can lead to the grand picture.

    I did a experiment with a random picture of a young lady. This woman is a stranger to me and is not a celebrity of any sorts. From that picture alone I was able to reverse image search it, find more pictures of her and more personal info as I went along. I ended up with her full name, her general area, her boyfriends full name, her normal hang out spots. It lead me to her friends and family. I know what her job is and where she normally goes to, to do her job.
    I even know what middle school she attended. Her whole life was just mapped out in-front of me and this only took me a single day to find everything.

    This was just a experiment but I fear that because it is so easy those who have malicious intent
    could easily randomly find someone online, stalk their info leading to them, and then actually doing harm to them. There are a-lot of crazy people out there and these people can become easily obsessed with even a complete stranger. There is more of a danger to the internet than just identity and credit card theft. I urge people for the security of yourself, your friends, and your family that you keep as much of your personal information private as possible.
  • Parsian
    sharing it on facebook. f***ing hate it but i have it to share science and tech links
  • virtualban
    Security is where google might have a chance against facebook. Google gathers data for itself, does not want others to get and use those data. Google will use those data to target adds and similar, and has enough experience so far to protect data leaks, at least better than facebook. But facebook has the compelling UI for ease of use, too easy for my tastes but maybe not enough easy for my dad who sees a prompt for user and password, wherever it is, and puts e-mail and password there.
  • Again, another reason I dont use Facebook.
  • rantoc
    And this is why i don't like the idea of Cloud Computing, no system is completely safe and then its better to have the information individually than collect it all in one basket like psn!
  • distanted
    It's the world's most popular data mining site...and people are spending hours a day feeding it.
  • Aravind Aarumugam
    Can somebody please explain how user generated data has become so valuable?
    Unless its sensitive material ?
  • Aravind Aarumugam
    hjigfds09gwelcome to: http://www.famalegoods.comThe website wholesale for many kinds of fashion shoes, like the nike,jordan,prada,****, also including the jeans,shirts,bags,hat and the decorations. All the products are free shipping, and the the price is competitive, and also can accept the paypal payment.,after the payment, can ship within short shippingcompetitive priceany size availableaccept the paypalhttp://www.famalegoods.comjordan shoes $32nike shox $32Christan Audigier bikini $23Ed Hardy Bikini $23Smful short_t-shirt_woman $15ed hardy short_tank_woman $16Sandal $32christian louboutin $80Sunglass $15COACH_Necklace $27handbag $33AF tank woman $17puma slipper woman $30http://www.famalegoods.comShut the fuck up!

    Toms get an better spam system :|