Facebook caught exposing millions of user credentials

DorsetBoy · May 11, 2011, 18:37:51

QuoteFacebook has leaked access to millions of users' photographs, profiles and other personal information because of a years-old bug that overrides individual privacy settings, researchers from Symantec said.

The flaw, which the researchers estimate has affected hundreds of thousands of applications, exposed user access tokens to advertisers and others. The tokens serve as a spare set of keys that Facebook apps use to perform certain actions on behalf of the user, such as posting messages to a Facebook wall or sending RSVP replies to invitations. For years, many apps that rely on an older form of user authentication turned over these keys to third parties, giving them the ability to access information users specifically designated as off limits.

The Symantec researchers said Facebook has fixed the underlying bug, but they warned that tokens already exposed may still be widely accessible..... (more)

Rik · May 11, 2011, 18:40:32

Another reason not to like the thing.

Simon · May 11, 2011, 19:38:16

Oops!

Rik · May 12, 2011, 08:47:31

That's being kind.

Glenn · May 12, 2011, 08:56:48

Don't run Facebook on an Apple, or you could have a Flasher Mac

Rik · May 12, 2011, 09:10:40

Gary · May 12, 2011, 09:29:08

Facebook deny it of course, but just changing the password sorts the issue, and its apps that caused it, if you dont use them, you were fine. Not a reason to not like it, but another reason to use your brain a bit, changing passwords often helps anyway, I use 1Password for the Mac, great thing to have.

Simon · May 12, 2011, 10:06:51