Last week, Facebook sheepishly took to the global stage and declared that it had, once again, exposed user's personal data to third party access.
This time, the situation is far more serious, with Facebook accidentally leaking full access to some of its 500 million users' accounts (since as far back as 2007) and prompting the call for Facebook users to immediately change their passwords.
Symantec, the online security specialists that first discovered the leak, reported that the security issue was caused by i-frame applications that inadvertently leaked access tokens (full account access) and gave malicious third parties the access they need to hijack everything on a Facebook user's account.
With approximately 20 million applications installed on Facebook user accounts every day, the number of accounts compromised is extensive.
Facebook were quick to react and has made changes to its platform to prevent any further leakages. However, with much of the damage having already been done (over several years), Facebook users are being advised to update their passwords to lock out pre-existing access tokens.
In another attempt to rebuild confidence in its ability to provide a secure environment for social networking, Facebook has also launched a new "opt-in" authentication system, called "Login Approvals".
User's who choose to add "Login Approvals" to their Facebook account will find that, whenever they try to access Facebook from a computer or device they have not used before, they will be prompted to login (as usual) and then enter a code that Facebook will text message to their mobile phone.
Once this exercise is completed on a device, the user has the option to "save the device" to their account so they don't have to enter the code next time. This device recognition option is significant, as it still allows Facebook users to socialise on the site at public facilities ( such as internet cafes, libraries, etc) and not give that device ongoing authorisation to their account from that location.
To apply "Login Approvals" to your Facebook account, simply login to Facebook, go to "Account Settings" and click the "change" text link next to "Account Security". Here you will be able to opt-in to the new "Login Approvals" service.
Wendy Schollum is a web strategist and Managing Director of Xplore.net Online Solutions (www.xplore.net). If you would like more information on social media, follow the Xplore.net team on Twitter (www.twitter.com/XploreNET), connect on Facebook (www.facebook.com/XploreNET) or call the friendly Xplore.net team on 0800 100 900.
Wendy Schollum: Facebook face the music over security
AdvertisementAdvertise with NZME.