Facebook denies privacy breach allegations by Symantec
No personal data could have been passed to third parties, company says
Computerworld - Facebook today denied that it may have accidentally exposed personal user data to advertisers and other third parties for several years, as claimed this week by two security researchers at Symantec Corp.
The researchers in a blog post Tuesday noted that a Facebook programming error -- since fixed -- could have allowed advertisers to access member profiles, photographs and chat messages and to post messages and mine personal data from them.
According to Symantec, the leaks stemmed from a faulty API used by developers of Facebook applications. It caused "hundreds of thousands" of Facebook applications to accidentally expose the so-called access tokens that are granted by users to Facebook applications. "Each token or 'spare key' is associated with a select set of permissions, like reading your wall, accessing your friend's profile, posting to your wall, etc.," the researchers said.
Any third party or advertiser associated with an application developer that had used the faulty API would have had access to the tokens, allowing them to perform whatever actions the tokens allowed. While it's unclear how many advertisers even knew what was going on, the potential repercussions of the data leaks are "far and wide," Symantec claimed.
But Facebook downplayed the issue and argued that Symantec's report has a "few inaccuracies."
"We appreciate Symantec raising this issue and we worked with them to address it immediately," Facebook spokeswoman Malorie Lucich said in an emailed comment. But, "specifically, no private information could have been passed to third parties, and the vast majority of tokens expire within two hours," she said.
"The report also ignores the contractual obligations of advertisers and developers, which prohibit them from obtaining or sharing user information in a way that violates our policies," Lucich said.
She added that Facebook has no evidence of information being used in a way that violates company policies. "We take any potential issue seriously and quickly took steps to prevent this from happening again."
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- IDC MarketScape: Worldwide Client Virtualization Software 2013 Vendor Assessment IDC has placed Citrix in the 2013 IDC MarketScape Leaders Category once again noting that, "Citrix's position reflects the company's market leadership and...
- Infographic: Top Use Cases for Desktop Virtualization A wide range of business issues is driving IT toward desktop virtualization. One solution-Citrix XenDesktop with FlexCast technology-helps IT teams empower their entire...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!