Pages

Thursday, May 12, 2011

Millions of private Facebook files leaked

Symantec has revealed a Facebook security flaw just days after millions of users of the Sony Playstation Network were affected by a security breach. Antivirus company Symantec has today revealed on their blog a security flaw in Facebook where millions of private Facebook files could have potentially been leaked. The security flaw means that private information such as profile information, chat history and photos could be viewed by unauthorised persons. Through this security flaw Symantec says that anyone exploiting the flaw could even use a compromised profile to post information. Symantec advised that the security flaw exists within the applications that attach to Facebook and that this leak of information could have been happening for years. Facebook applications use access tokens which allow them to make changes to a user’s personal information. Once a user enables an application, usually profile information is added. These access tokens were then taken by the application owner and transferred to third party analytics or advertising companies, giving them the potential access to the private information. With over 500 million users on Facebook the potential for loss is great. Symantec says that it has informed Facebook about the security risk from the access tokens. Facebook security advised that the Symantec report had some inaccuracies but would not elaborate. Facebook advised that after a thorough investigation no cases of unlawful access have occurred. Now that this security flaw has been made public it will force Facebook to make any necessary changes to protect user’s information. If Facebook does not make the appropriate changes then hackers may force them to. Sony would have welcomed any information about security flaws in their network, given the backlash that has happened in the wake of their recent security breach.

A few notes about online security in the light of recent activities. The addition of applications to Facebook profiles is done by the user and security messages and authorisations are provided along the way. If the application that is being added to your profile is not from a trust worthy source or you did not request the application then do not add this to your profile. The protection of your information on the internet also extends to the use of social networking sites such as Facebook and Twitter so always be aware of what information is placed on there and who could potentially have access to it. Users may feel safer about placing information on these sites as generally a log in is required but don’t let this make you forget about your online security. Only place on these sites information that anyone could potentially view even if they do not have immediate access to it. There are various methods employed by hackers that may not be immediately apparent to most users so always keep in mind your online security.

No comments:

Post a Comment