Facebook Third Party Apps (Probably) Leaked Your Info

vansau

Mortician of Love
May 25, 2010
6,107
0
0
Facebook Third Party Apps (Probably) Leaked Your Info

Looks like it's time to change your password ...

OK, let's get this out of the way: Facebook likes to share your information, probably more so than you're comfortable with. However, the information sharing has unintentionally hit a new high (or is it a new low?), thanks to a slew of third-party apps leaking access tokens.

According to Symantec: As of April 2011, as many as 100,000 Facebook apps may have allowed user access to be leaked:

Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Access tokens are like 'spare keys' granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user's profile. Each token or 'spare key' is associated with a select set of permissions, like reading your wall, accessing your friend's profile, posting to your wall, etc.

Symantec reported this issue to Facebook, which corrected the problem. While that sounds fine and dandy, the problem is that the correction doesn't work retroactively. Priorly-leaked tokens are still potentially damaging because they could provide access to your account. Unfortunately, there isn't a list of apps that leaked the information, so it's tough to know who was affected by the data leak.

However, the solution is pretty simple: Change your password. According to Symantec, changing your password is like changing the lock on your front door; old keys won't work anymore. So, if you've got a ton of third-party apps linked to your Facebook account, this seems like a smart move.

Source: Geek

Permalink
 

Imperioratorex Caprae

Henchgoat Emperor
May 15, 2010
5,499
0
0
Again, the reason I don't use any 3rd party FB apps. And the reason I tend to hate FB and social media in general. It birthed the microstransactions market which is almost as bad as the lottery imo (see smurfberry issue).
Ugh....
 

Legion

Were it so easy
Oct 2, 2008
7,190
0
0
de5gravity said:
Ever since I deleted my facebook account weeks ago, I have never felt so free.
Sadly is not possible.

You can only "de-activate" it. It takes a year or something before it actually gets deleted apparently.

I learnt that the hard way.
 

beema

New member
Aug 19, 2009
944
0
0
9_6 said:
What is it with personal data and leaks lately?
people suck, that's what
people are greedy, unethical, or just stupid, and it leads to this

apps on facebook are so bogus. they "need" to access all your personal data or they "wont work." pfff
heck, even if you go in to apps where the personal data checkbox isn't listed as "required," if you un-check it, the app usually stops working.

At least this is apparently fixable with a simple password change. but it's a quick fix to a deep seeded problem

I just imagine all of these companies being made up of these guys:
 

TheIronRuler

New member
Mar 18, 2011
4,283
0
0
I'm so happy I don't have a facebook page.
Fuck you internet social interaction, I leave my house for that!
 
Apr 28, 2008
14,634
0
0
Ephraim J. Witchwood said:
Legion said:
de5gravity said:
Ever since I deleted my facebook account weeks ago, I have never felt so free.
Sadly is not possible.

You can only "de-activate" it. It takes a year or something before it actually gets deleted apparently.

I learnt that the hard way.
Google it. Facebook makes the page hard to find, but it is possible. You just have to do absolutely nothing involving Facebook for 14 days once the process starts.
Which includes coming across those little "like" buttons on the internet. Good luck to anyone who still wants to surf the net and try and dodge those things. They're freaking everywhere.
 

Lt. Vinciti

New member
Nov 5, 2009
1,285
0
0
This is why I advise people to not play every Crackbook game or befriend every pedo playing said games....
 
Apr 28, 2008
14,634
0
0
Sir Ollie said:
Well good thing my Facebook page is full of fake info.
Indeed. To Facebook I am "Captian McAwsome the Fart-tastic!". I was born in the year of "your mom", and my birthday is "balls". And I live on Baker Street in the city of "tits".

Immature? Yes.
Funny? Hell yes.

Well to me and my friends. It was a boring day...
 

Cid Silverwing

Paladin of The Light
Jul 27, 2008
3,134
0
0
Sir Ollie said:
Well good thing my Facebook page is full of fake info.
Won't help you, good sir. I've seen people with pages faker than EA's marketing campaigns and they still get linked to their best friends next country over.

More reason for Facebook not to have been invented. I'm noticing a secondary trend, that having a Fartbook account is mandatory just to login to certain sites.
 

The.Bard

New member
Jan 7, 2011
402
0
0
de5gravity said:
Ever since I deleted my facebook account weeks ago, I have never felt so free.
You clearly have never tried ditching your clothing and scamping around Central Park at night... now THAT'S freedom!

... until the cops nab you. Then I guess it isn't.
 

Darth Crater

New member
Apr 4, 2010
54
0
0
... Why exactly does changing your password help? Facebook's web designers don't SEEM incompetent enough to use a user's password (hashed or otherwise) to determine whether a 3rd-party app can access a user's data. In fact there's no reason for the password to be anywhere near the third-party apps at all. Could someone explain to me why this is expected to help?

EDIT:
Ephraim J. Witchwood said:
Irridium said:
Ephraim J. Witchwood said:
Legion said:
de5gravity said:
So don't click them. Not that hard.
On Chrome, and probably any other browser supporting plugins, you can find one that will simply block Facebook like buttons, etc from appearing on the page...
 

vxicepickxv

Slayer of Bothan Spies
Sep 28, 2008
3,126
0
0
You know, I think I'm just going to post all my info on a single site. It's already been leaked 3 times in 3 months, so yeah...
 
Apr 28, 2008
14,634
0
0
Ephraim J. Witchwood said:
Irridium said:
Ephraim J. Witchwood said:
Legion said:
de5gravity said:
Ever since I deleted my facebook account weeks ago, I have never felt so free.
Sadly is not possible.

You can only "de-activate" it. It takes a year or something before it actually gets deleted apparently.

I learnt that the hard way.
Google it. Facebook makes the page hard to find, but it is possible. You just have to do absolutely nothing involving Facebook for 14 days once the process starts.
Which includes coming across those little "like" buttons on the internet. Good luck to anyone who still wants to surf the net and try and dodge those things. They're freaking everywhere.
So don't click them. Not that hard.
They just have to load up, you don't need to click 'em or anything. Although this was quite a few months ago. Things might have changed.