When bug-testing a new Facebook app, a group of programmers recently stumbled over a dangerous and previously unknown Facebook bug. With the right coding, an app could block users from accessing their own account while giving a hacker access to contact lists, phone numbers, e-mails, and other private information. Locked out from their account, the user would be unable to disconnect the app and revoke its permissions.
The bug applied to mobile devices and tablets, and could potentially have affected nearly half of Facebook users.
Many Facebook apps require access and use of personal information. When approving an app, it generally gets access to contact information, to friends’ contact information, access to data at any time, along with permissions to post on the user’s behalf. With the plethora of apps available, it is easy to forget what’s installed, and most people will not bother with keeping track of them.
The average user might not recognize the risk involved with sharing personal information and credentials with apps outside the social network. It is easy to assume that if something looks official and professional, it is safe to use. To make matters worse, users tend to repurpose their user names and passwords over many platforms, and information stolen on Facebook may give fraudsters access to everything from online banking to e-commerce sites.
For more information: