Symantec detects Facebook’s Security flaw – Advices FB users to change their password

Comment

Symantec has detected a facebook security flaw which would allow Third parties to access Facebook user’s accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.

This was due to the Leak of the access tokens through Facebook IFRAME applications to third parties like advertisers or analytic platforms.Also the blog post of Symantec says that luckily no third-parties may not have realized their ability to access this information.

Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.Leaking of such valuable keys were the cause to this security issue.

The Symantec blog post says,

We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Facebook was notified by Symantec of this issue and has confirmed this leakage. Facebook also made changes on their end to prevent these tokens from getting leaked and informed that the flaw has been patched.Details of update by facebook can be found here.

Though the issue has been solved,Symantec advices facebook users to change their passwords as changing passwords may make those leaked tokens(if any) invalid.If you wish your account to be secure,better change your facebook password.

Did you find  the information useful?Share your views in comments…

 

Tharun Venkatesan

Author

Tharun Venkatesan

Tharun is a bit attracted towards computers and stuff.He loves to blog,share and know more about computers and technologies.He shares what he feels is something good on this site...Stay connected.
Tharun is on: Facebook , Google+ , Twitter

Up Next

Related Posts

2 comments
Ron Cook
Ron Cook

This is an interesting article. Thanks for posting it.
Also, please drop that silly "Energy Saving Mode" page blanking code.
It does not "save energy".

Arjun
Arjun

Thanks for sharing this.. I am using Symantec product of antivirus. I must change my Facebook password.