May 1, 2008

Facebook Exploit found by BBC

The BBC has uncovered an exploit in the Facebook application system. With the help of an experienced coder, they created a data-mining application that looked like a “joke of the day” application. This application stole not only your own information, such as phone numbers, place of work, etc., but also the information of all the friends on your profile. What’s worse, your friends don’t even have to download this specific application to become victims; they just have to be in the infected user’s friend list. So you could be a victim of some type of identity theft without necessarily having done anything.

The BBC claims that because these applications are stored and managed by a third-party company, malicious applications could easily sneak under their noses. That’s right, Facebook does not house all your applications; a third-party company does. Also, most of these applications are automatically given the rights to go through all aspects of your profile, including your friends, regardless of their security settings. Facebook says that if an application violated its terms of use, its removal team could stop it from being published. The BBC also tried to recreate the same scenario with MySpace and was not able to succeed. It is obvious that the Facebook system is flawed. You can’t expect to have a secure environment when a third-party company is taking care of business and an application can access sections of your own profile and your friends’ profiles without warning. It is almost as if someone got a virus through an email and everyone in their address book automatically got their computer infected.

Posted by ZahoOL under Facebook