Just for Safety, Change your Facebook Password!


Facebook applications have been leaking users’ personal data to third parties, not just recently but for a long time. According to the web security firm Symantec, Facebook apps may have inadvertently leaked millions of Facebook users’ personal data to third parties such as advertisers. As of April 2011, Symantec found that the leaks occurred through the mistaken giveaway of “access tokens” to third parties in as many as 100,000 different applications. With 20 million apps installed every day, that amounts to a huge number of tokens floating around. In other words, unwanted third parties holding these tokens have access to our personal data, such as our profiles, pictures and chats with others.

Sounds terrible!

When I saw it at first glance, the first thing that came to my mind was to check whether I had ever done anything with my personal information on Facebook before. However, we cannot avoid it. You know what I mean? We cannot avoid leaving our personal stuff behind as long as we surf the Internet. When we go to Facebook, we will inevitably come into contact with Facebook apps. As a result, it is possible that our personal information is recorded and could be used by others.

The same goes for other examples. Let me tell you a similar story. In China, we all like to use “QQ” to contact friends and others. It is just like “MSN” here in foreign countries. Once, when one of my friends wanted to contact her brother in Europe, she went to QQ. However, when she got in contact, she was asked to start a video chat with him. So strange! Then she found that her brother’s QQ had been stolen by someone. Oh, god! He must change his password right now! Some of his personal things may have been leaked somewhere.

Fortunately, these third parties may not have realized their ability to access this information. Symantec has also reported the issue to Facebook, which has taken corrective action to help eliminate it. However, the fix only prevented new tokens from being leaked. Existing tokens are still usable and could allow third parties to access profile data, chat history, and pictures. So, even just for safety, please change your Facebook password!

Looking at things another way, we should still recognize the effort Facebook has made. Facebook and the crowdsourced website reputation service Web of Trust (WOT) began collaborating on 12th May, 2011 to give Facebook’s over 500 million users reliable protection against dubious web links, so that users can now click links from other users with a little more trust. Web of Trust is based in Helsinki, Finland. Its user community rates web pages on how trustworthy they are, so the service is able to warn users if they try to access a website with untrustworthy content. Facebook users can’t rate the websites themselves; the ratings come from the WOT user community. This shows us that not only Facebook but more and more companies are trying hard to protect their customers’ privacy from attack. So we should also trust them, or at least think twice when we want to do something online.

One thought on “Just for Safety, Change your Facebook Password!”

  1. Thank you for this very informative blog post Mengmei!

    I always found these application requests kind of fishy, but I never suspected them to be able to leak out chat history! That’s totally gross. Good thing that I never cared much about “which sex and the city character” (http://www.youtube.com/watch?v=S9LqnowYVQE) I was, I guess.

    From my point of view, Facebook itself is actually bad enough in terms of leaking data to third parties. “Instant Personalization” (turned on by default), for instance, legally provides partner sites with personal information for better-targeted adverts.
    There are quite a few articles about this one; if you’re interested in it, I’d recommend you take a look at this one (http://www.zdnet.com/blog/igeneration/facebook-instant-personalization-how-to-disable-it-and-why/8006), since it gives a good overview and instructions on how & why to turn IP off.

    Good Luck on that, I’m off to think of another password…
