Facebook Security Leak Since 2007

Two security researchers have documented a serious and long-standing design flaw in Facebook:

Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.

There is no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers. Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile.

I’ll let you guess why “there is no good way to estimate” unauthorised access at Facebook.
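The “changing the lock” mitigation quoted above, as an added example that is not Facebook’s code and not from the researchers’ report: a hypothetical `TokenService` binds every access token to a per-user credential generation counter, so a password change bumps the counter and any token minted earlier (including a copy sitting in a third-party server log) stops validating. The class, field names and toy password hashing are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


class TokenService:
    """Hypothetical token issuer (not Facebook's code). Each user carries a
    credential 'generation'; tokens record the generation they were minted
    under, and a password change increments it, invalidating older tokens."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # server-side MAC key, never leaves the server
        self._users = {}                      # user_id -> {"pw_hash": str, "generation": int}

    @staticmethod
    def _hash_pw(password):
        # Toy stand-in for a real password KDF (argon2/scrypt/bcrypt in production).
        return hashlib.sha256(password.encode()).hexdigest()

    def _sign(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def create_user(self, user_id, password):
        self._users[user_id] = {"pw_hash": self._hash_pw(password), "generation": 0}

    def issue_token(self, user_id, scopes):
        # Token = user|generation|scopes|HMAC; the MAC stops clients from editing the generation field.
        gen = self._users[user_id]["generation"]
        payload = f"{user_id}|{gen}|{','.join(sorted(scopes))}"
        return f"{payload}|{self._sign(payload)}"

    def validate(self, token):
        """Return the granted scopes for a live token, or None if it is forged or stale."""
        try:
            user_id, gen, scopes, sig = token.split("|")
        except ValueError:
            return None
        if not hmac.compare_digest(self._sign(f"{user_id}|{gen}|{scopes}"), sig):
            return None                                # tampered or forged
        user = self._users.get(user_id)
        if user is None or int(gen) != user["generation"]:
            return None                                # minted before the last password change
        return {"user": user_id, "scopes": scopes.split(",") if scopes else []}

    def change_password(self, user_id, old, new):
        user = self._users[user_id]
        if not hmac.compare_digest(user["pw_hash"], self._hash_pw(old)):
            return False
        user["pw_hash"] = self._hash_pw(new)
        user["generation"] += 1                        # "change the lock": every earlier token dies
        return True


def demo():
    """Constructed scenario: a token leaks to an advertiser's log, then the user changes password."""
    svc = TokenService()
    svc.create_user("alice", "old-pass")
    leaked = svc.issue_token("alice", ["read_profile", "publish"])
    usable_before = svc.validate(leaked) is not None
    svc.change_password("alice", "old-pass", "new-pass")
    usable_after = svc.validate(leaked) is not None
    return usable_before, usable_after
```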

One thought on “Facebook Security Leak Since 2007”

  1. Most popular Facebook applications leak user information to third parties. Be careful.

