Marketing Pilgrim's "Social Media" Channel

Sponsor Marketing Pilgrim's Social Media Channel today! Get in front of some of the most influential readers in the Internet and social media marketing industry. Contact us today!

Yikes! Yelp Security Breach Results in Egg on its Facebook

Could it be that privacy truly is Facebook’s achilles heel?

The world’s #1 social network is already seeing users cancel their account in droves–over privacy–and now one of its trusted partners provides the gateway for a malicious hack?

One of Facebook’s marque personalization partners, Yelp, is at the center of the latest privacy scare. Actually, a scare would be putting it mildly:

The script in my example would capture the browser cookies set for, extract a key required to make Open Graph API requests to the Facebook API, and send that key to my site. My site would then make a request for your name, email, etc. and store it in a database.

Even more scary?

You–the user–need do anything to enable this security breach. It’s not like Yelp pops-up a message that says “Hey, is this you? Click this harmless looking link!” Nope! Any private info that Facebook makes available to Yelp, would be immediately available to the hackers. Note: You would need to land on a malicious site, hell-bent on extracting your Yelp/Facebook data.

OK, don’t panic. Fortunately, this exploit was discovered by a web security expert–George Deglin–and not some Chinese student doing a class project. In response, both Yelp and Facebook quickly fixed the problem before any user data was compromised.

Still, you have to wonder: if a site as established as Yelp can’t keep your Facebook information safe, do you really want to share it with any random blog that happens to ask for it?

  • Frank Reed

    Considering the type of response that any information given on MP about yelp gets, does anyone really care? If they are such a “powerhouse” why does everyone seem to shrug off news about them? Is this more hype than reality?
    .-= Frank Reed´s last blog ..Business Blogging to Support Sales Efforts =-.