Leaky Third-Party Facebook Apps

There has been a reported breach of Facebook data that was acquired by third-party apps. The leaky apps include:

• “Cultura Colectiva”, a Latin American social networking collective with a database exceeding 500 million entries. Exposed data includes Facebook ID’s, likes, friends and more.
• “At the Pool”, which is an app that has not been in use since 2014. Exposed data includes names, email addresses, Facebook IDs and 22,000 plaintext user passwords.  

Recommendations (courtesy of NakedSecurity):

• Review your Facebook apps and permissions. To do so, go to https://www.facebook.com/settings and choose Apps and Websites from the menu on the left. Using the list of apps and websites, remove those you no longer wish to use and re-review the permissions settings for those you wish to keep.
• Review your Facebook privacy settings via the Privacy menu on the Settings screen where you can access the Privacy Settings and Tools page.
• Strengthen your login with 2FA via the Security and Login page.

For more information, please see:

• NakedSecurity, Facebook apps expose millions of users’ Facebook data
• Upguard, Losing Face: Two More Cases of Third_Party Facebook App Data Exposure
• Wired, In Latest Facebook Data Exposure, History Repeats Itself