Facebook “Spare Key” Security Flaw Existed For Years

Filed as News on May 11, 2011 1:57 pm

Facebook user information was passed along to advertisers and third parties for years, according to a Symantec report passed along to the social network last month.

The issue occurred when more than 100,000 Facebook applications accidentally passed along user access tokens. Those tokens, known as a “spare key,” could then be used to access a user’s account, allowing third parties to post info to a user’s wall and access other parts of their accounts.

Anyone with access to an access token would also be able to mine for personal information, gain access to a user’s friends’ profiles and access other parts of a user’s account. However, no evidence of such events occurring was reported; in fact, it’s believed that third parties were not even aware that they were receiving the extra information.

In a blog post on their website Symantec wrote:

“We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.”

Facebook, for its part, says it fixed the issue last month when it was first reported by Symantec. Users who still fear their information may have been compromised can simply change their Facebook password to invalidate the token.

 
