Change Your Facebook Password

It appears that third parties, in particular advertisers, have accidentally gotten access to Facebook accounts including user profiles, photographs, chat, and the ability to post messages and gather personal information.  Fortunately, they may not have realized that they have these abilities.  According to Symantec, over 100,000 applications can leak access tokens that remain valid for some period of time.  They might  sit in log files of various advertisers just waiting to be abused.

Facebook is planning to move away from access tokens and adopting OAuth 2.0,an open standard co-authored with Yahoo, Twitter, Google, and others, and HTTPS.  Until then, we can do something to invalidate the access tokens:  Change your password!  Do it regularly, unless you don’t care about your Facebook privacy and don’t use the same password anywhere else…

You can change your facebook password by clicking the upper right “Account” menu and choosing “Account Settings”.  The 4th option down allows you to change your password.

Advertisements