FutureFive New Zealand - Consumer technology news & reviews from the future
New Zealand
Guides
#
drones
#
gaming
#
reviews
#
smartphones
#
virtual reality
Search
Story image
#
OAuth
#
Symantec
Symantec - '100k Facebook apps may be leaking user data'
Wed, 11th May 2011
FYI, this story is more than a year old
By Staff Writer
Follow us

Symantec announced that it has discovered a flaw in the way some Facebook applications are authorised, enabling those apps to have backdoor access to user accounts via 'access tokens'.

Symantec said on it's blog today, "third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information."

The net security firm said it has notified Facebook of the issue, which has acted undertaken corrective action.

It is estimated that around 100,000 applications were enabling the leakage and that, over the years, millions of access tokens may have been leaked to third parties.

Even with Facebook's authorisation upgrades to correct this situation, old access tokens may remain valid. Symantec recommends changing your password to automatically invalidate all prior access tokens.

Facebook has released a roadmap for developers to move their apps to the more secure OAuth 2.0.

Related stories
Hands-on review: Norton Lifelock's Norton 360 security suite
Hands-on review: Norton Security gets the safety and freedom balance right
Cybercrime complacency costs Kiwis – Norton
Hands-on review: Norton Core keeps home IoT secure
Mozilla delays distrust of Symantec TLS certificates
Top stories
NZ retailers urged to prioritise CX over tech advances
Game review: Stellar Blade (PS5)
Noel Leeming launches tech trade-in scheme across New Zealand
ADLINK unveils high-performance Atom-powered modules for IoT solutions
LG unveils state-of-the-art UltraGear OLED gaming monitors in Australia