Well, talk about being called out! Internet security company Symantec has revealed that Facebook has had a flaw that allows third parties to see a lot more than most people would be comfortable showing to complete strangers.
The Wall Street Journal reports:
A security vulnerability on Facebook Inc. for years gave advertisers and other third parties a way to access users’ accounts and personal information, according to security firm Symantec Corp.
But Facebook said Tuesday it had fixed the problem and found no evidence of the issue resulting in private information being leaked.
Phew! I don’t know about you, but I feel SOOOO much better that Facebook has fixed this years-old problem and sees no evidence of any of the developers ever doing anything bad with all the data they could get on Facebook users.
The Journal continued:
The issue, which Symantec described as accidental, centers on Facebook applications, the third-party programs that allow users to play games, shop and do other tasks on the Facebook website. In some cases, those applications shared with advertisers and analytics companies so-called access tokens, which act like spare keys (originally intended for the apps) to access or post information on a user’s account, including reading wall posts, accessing a friend’s profile, posting to a user’s wall and mining personal information.
As of April, Symantec estimated that the flaw affected close to 100,000 Facebook apps—and that since Facebook introduced apps in 2007 potentially hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
It is possible that the third parties didn’t realize they had the ability to access this information. Still, “the repercussions of this access token leakage are seen far and wide,” wrote Symantec researcher Nishant Doshi in a blog post.
Let’s face it, Facebook really doesn’t have a handle on all the data it possesses, and the likelihood that it’s safe even when you lock down security settings is pretty slim. At some point this should come back to bite Facebook if we were living in a world where people outside of the tech crowd were informed and actually cared. But we don’t, so it’s not going to.
How do you feel about Facebook and the continuous discoveries of just how much of a sieve the service is when it comes to data security? Do you worry? Do you think they do? Take a look at this assessment of the situation:
“Facebook’s complex ecosystem—with thousands of independent apps and complex data flows to and from apps—is a problem of its own creation,” said Ben Edelman, an assistant professor at Harvard Business School. “No one asked Facebook to create this system, which sharply reduces my sympathy for Facebook when things go wrong.”
Gee, I sure hope Professor Edelman doesn’t have a Facebook account, because if there is more talk like this from Facebook’s point of origin, who knows what might “happen” to his information?