Dominion Lending Centres Clearlease Reports Security firm says Facebook apps were leaking user data; no sign of misuse

Dominion Lending Centres Clearlease Reports Security firm says Facebook apps were leaking user data; no sign of misuse

VANCOUVER, BC – (May 12, 2011) Clearlease Reports Security firm Symantec has discovered a security flaw in Facebook that inadvertently gives advertisers and other outside parties access to people’s accounts. But Facebook said it has fixed the problem and found no evidence that any private information was shared with any outside party.

Symantec said Tuesday that the outside parties may not even have realized that they were able to access users’ profiles, photos and chats.

The problem was leaking “access tokens,” which are akin to spare keys that let apps access your profile if you gave them permission, Symantec researcher Nishant Doshi said in a blog post.

Doshi estimates that some 100,000 applications were enabling the data leak as of April. Over the years, however, hundreds of thousands of applications may have accidentally leaked millions of access tokens to outside parties.

Most of the access tokens used on Facebook expire after two hours. But Doshi said an application can also request and use offline access tokens, which are valid until users change their passwords.

The leaky apps had been using an old version of Facebook’s authentication method. The current one doesn’t have this problem, and Facebook is moving app makers to the new system, said Kevin Haley, director of security response at Symantec.

Users who are concerned can change their Facebook passwords, which has the effect of changing the lock on a Facebook profile. But Haley said users shouldn’t be overly worried.

“The potential is very large but we have no evidence that anyone did anything with this capability,” he said.

In a prepared statement, Facebook said its advertisers and developers are prohibited from obtaining or sharing user information in a way that violates the company’s policies.

For more information please visit us at: http://www.clearlease.com/Career-Opportunities.html

About Dominion Lending Centres Clearlease

Dominion Lending Centres Clearlease Commercial (DLC Clearlease/Clearlease.com) is a fully diversified Lease Finance Mortgage Banking Brokerage Company specializing in Equipment Leasing, Automobile Leasing, Residential, Commercial Lending/Mortgage Financing. DLC Clearlease possesses the capability to accommodate financing needs ranging from a small second Home Mortgage to a Multi-Million Dollar Commercial Projects. No mortgage is too small or too large for this integrated Company.

Equipment Lease Financing in Vancouver, Surrey, Delta, Richmond, Langley, New Westminster, North Vancouer, West Vancouver, B.C. Also offering Automobile Lease Financing and Mortgage information. Founded by the Pidgeon brothers.

You may have recently seen a Dominion Lending advertisement on such media outlets as: Global News, CTV News, CBC Television, Rogers Sportsnet or possibly heard the great Don Cherry, a Canadian Sports legend, discuss Dominion Lending Centres.

Contact DLC Clearlease.com:

Dominion Lending Centres Clearlease
HEAD OFFICE, Bentall Two, Suite 900, 555 Burrard Street, Vancouver, BC, V7X 1M8, CANADA.
Mr. Alexander Pidgeon, Editor in Chief
Tel: (604) 696-1221 ext. 199
eMail: [email protected]
Website: http://www.clearlease.com
News: http://clearlease.com/category/equipment-lease-blog/feed/rss
Twitter: @clearlease

###

Video Link: http://youtu.be/f_kk7WJa7Uk

Dominion Lending Centres Clearlease Reports Security firm says Facebook apps were leaking user data; no sign of misuse

VANCOUVER, BC – (May 12, 2011) Clearlease Reports Security firm Symantec has discovered a security flaw in Facebook that inadvertently gives advertisers and other outside parties access to people’s accounts. But Facebook said it has fixed the problem and found no evidence that any private information was shared with any outside party.

Symantec said Tuesday that the outside parties may not even have realized that they were able to access users’ profiles, photos and chats.

The problem was leaking “access tokens,” which are akin to spare keys that let apps access your profile if you gave them permission, Symantec researcher Nishant Doshi said in a blog post.

Doshi estimates that some 100,000 applications were enabling the data leak as of April. Over the years, however, hundreds of thousands of applications may have accidentally leaked millions of access tokens to outside parties.

Most of the access tokens used on Facebook expire after two hours. But Doshi said an application can also request and use offline access tokens, which are valid until users change their passwords.

The leaky apps had been using an old version of Facebook’s authentication method. The current one doesn’t have this problem, and Facebook is moving app makers to the new system, said Kevin Haley, director of security response at Symantec.

Users who are concerned can change their Facebook passwords, which has the effect of changing the lock on a Facebook profile. But Haley said users shouldn’t be overly worried.

“The potential is very large but we have no evidence that anyone did anything with this capability,” he said.

In a prepared statement, Facebook said its advertisers and developers are prohibited from obtaining or sharing user information in a way that violates the company’s policies.

For more information please visit us at: http://www.clearlease.com/Career-Opportunities.html

About Dominion Lending Centres Clearlease

Dominion Lending Centres Clearlease Commercial (DLC Clearlease/Clearlease.com) is a fully diversified Lease Finance Mortgage Banking Brokerage Company specializing in Equipment Leasing, Automobile Leasing, Residential, Commercial Lending/Mortgage Financing. DLC Clearlease possesses the capability to accommodate financing needs ranging from a small second Home Mortgage to a Multi-Million Dollar Commercial Projects. No mortgage is too small or too large for this integrated Company.

Equipment Lease Financing in Vancouver, Surrey, Delta, Richmond, Langley, New Westminster, North Vancouer, West Vancouver, B.C. Also offering Automobile Lease Financing and Mortgage information. Founded by the Pidgeon brothers.

You may have recently seen a Dominion Lending advertisement on such media outlets as: Global News, CTV News, CBC Television, Rogers Sportsnet or possibly heard the great Don Cherry, a Canadian Sports legend, discuss Dominion Lending Centres.

Contact DLC Clearlease.com:

Dominion Lending Centres Clearlease
HEAD OFFICE, Bentall Two, Suite 900, 555 Burrard Street, Vancouver, BC, V7X 1M8, CANADA.
Mr. Alexander Pidgeon, Editor in Chief
Tel: (604) 696-1221 ext. 199
eMail: [email protected]
Website: http://www.clearlease.com
News: http://clearlease.com/category/equipment-lease-blog/feed/rss
Twitter: @clearlease

###

Video Link: http://youtu.be/f_kk7WJa7Uk

Dominion Lending Centres Clearlease Reports Security firm says Facebook apps were leaking user data; no sign of misuse

VANCOUVER, BC – (May 12, 2011) Clearlease Reports Security firm Symantec has discovered a security flaw in Facebook that inadvertently gives advertisers and other outside parties access to people’s accounts. But Facebook said it has fixed the problem and found no evidence that any private information was shared with any outside party.

Symantec said Tuesday that the outside parties may not even have realized that they were able to access users’ profiles, photos and chats.

The problem was leaking “access tokens,” which are akin to spare keys that let apps access your profile if you gave them permission, Symantec researcher Nishant Doshi said in a blog post.

Doshi estimates that some 100,000 applications were enabling the data leak as of April. Over the years, however, hundreds of thousands of applications may have accidentally leaked millions of access tokens to outside parties.

Most of the access tokens used on Facebook expire after two hours. But Doshi said an application can also request and use offline access tokens, which are valid until users change their passwords.

The leaky apps had been using an old version of Facebook’s authentication method. The current one doesn’t have this problem, and Facebook is moving app makers to the new system, said Kevin Haley, director of security response at Symantec.

Users who are concerned can change their Facebook passwords, which has the effect of changing the lock on a Facebook profile. But Haley said users shouldn’t be overly worried.

“The potential is very large but we have no evidence that anyone did anything with this capability,” he said.

In a prepared statement, Facebook said its advertisers and developers are prohibited from obtaining or sharing user information in a way that violates the company’s policies.

For more information please visit us at: http://www.clearlease.com/Career-Opportunities.html

About Dominion Lending Centres Clearlease

Dominion Lending Centres Clearlease Commercial (DLC Clearlease/Clearlease.com) is a fully diversified Lease Finance Mortgage Banking Brokerage Company specializing in Equipment Leasing, Automobile Leasing, Residential, Commercial Lending/Mortgage Financing. DLC Clearlease possesses the capability to accommodate financing needs ranging from a small second Home Mortgage to a Multi-Million Dollar Commercial Projects. No mortgage is too small or too large for this integrated Company.

Equipment Lease Financing in Vancouver, Surrey, Delta, Richmond, Langley, New Westminster, North Vancouer, West Vancouver, B.C. Also offering Automobile Lease Financing and Mortgage information. Founded by the Pidgeon brothers.

You may have recently seen a Dominion Lending advertisement on such media outlets as: Global News, CTV News, CBC Television, Rogers Sportsnet or possibly heard the great Don Cherry, a Canadian Sports legend, discuss Dominion Lending Centres.

Contact DLC Clearlease.com:

Dominion Lending Centres Clearlease
HEAD OFFICE, Bentall Two, Suite 900, 555 Burrard Street, Vancouver, BC, V7X 1M8, CANADA.
Mr. Alexander Pidgeon, Editor in Chief
Tel: (604) 696-1221 ext. 199
eMail: [email protected]
Website: http://www.clearlease.com
News: http://clearlease.com/category/equipment-lease-blog/feed/rss
Twitter: @clearlease

###

Video Link: http://youtu.be/f_kk7WJa7Uk

Tags: No tags

Comments are closed.