Unfortunately, it has been discovered by Symantec that in certain cases, Facebook IFRAME applications have inadvertently leaked access tokens to third parties. According to the analysis completed by Symantec, as of last month there were almost 100,000 applications enabling the leakage of access tokens.
The referenced "access token" leakage means that the keys containing permissions; such as, accessing your friend's list, posting on your wall, and seeing any personal information you allowed the application have likely been provided to advertisers or analytic programs.
According to the Facebook Developer Blog, steps are being taken to transition Facebook applications from the old Facebook authentication system and HTTP to OAuth 2.0. (OAuth 2.0 is a process of providing third-party applications limited access and HTTPS.)
Recommendations
- Change your Facebook password since this step automatically clears all previously issued access tokens.
- Turn on Security Browsing (HTTPS):
- Navigate to your Account Settings page.
- Click the "Change" link next to Account Security
- Check the box under "Secure Browsing (https)" and then click the "Save" button.
References
- Developer Roadmap Update: Moving to OAuth 2.0 + HTTPS
- Facebook Applications Accidentally Leaking Access to Third Parties
Facebook Developers Having a Facebook profile page is a great start but trust me when I say, it is useless if you leave it dormant. Posting regularly on your page will ensure that your subscribers are fed information that will keep them interested in your business. The information you post must be relative to your business and be kept clear and concise. This is critical because an overload of information, abuse of posting and unrelated information will all discourage subscribers from your page.
ReplyDeleteThat is true, if you are a business, as you are. That is not the case for me and my friends.
ReplyDelete