Threat Center Security News Vulnerability in Facebook
Vulnerability in Facebook Print E-mail
Written by Rebecca Mints   
Thursday, 01 May 2008 18:00

The social networking site Facebook has been discovered to contain a vulnerability that would allow for hackers to steal user data, according to the BBC. Click, the BBC technology program, has reported that the error is in Facebook's application model. Users can write applications on Facebook, but Click has concluded that these apps might be able to collect personal information on users and their friends.

The information that is susceptible is the what is given to build a user's personal profile. While the BBC was not sure as to which of the personal information may be obtainable, they did say it's more than what's appropriate. When a user includes a new application in Facebook they are prompted to specify which capabilities of the new program will be activated, one of them being "Know who I am and access my information," and it will go on to say "Granting access to information is required to add applications. If you are not willing to grant access to your information, do not add this application." So basically, if you want to use the new application you have no choice but to fork over the information. The BBC is suggesting that users may not realize just how much and exactly what information they are compromising.

The way that Facebook tries to account for the problem is to warn users about installing new applications, but this is really of no assistance because they don't offer any suggestions on how to actually use caution. They also prohibit users from abusing peoples' personal information; again, not much help. The fact that many of these applications may be running on third party servers adds to the problem since in this case Facebook cannot invoke their own terms.

The BBC also commented on Facebook that "... also advises users to use the same precautions while downloading software from Facebook applications that they use when downloading software on their desktop." This being Facebook's suggestion to protect their users shows how little they are really doing to do so. If Facebook can't offer their users a bit of security while downloading their own applications then they really need to consider beefing up their own security.

BBC Reports Facebook Vulnerability


WTW Threat Level