Fear Not! New Facebook Instant Personalization Privacy Hole Patched

It's official. Facebook's Instant Personalization sucks, and here's why. Last night, security consultant George Deglin discovered a hole in Facebook's new framework that, if correctly manipulated by a savvy hacker, could share a user's name, e-mail and personal data with everyone else on the social network -- without any action from the targeted user. As TechCrunch explains, this specific scheme works via Yelp, one of three sites selected to participate in Facebook's Instant Personalization service. Because the service automatically gives Yelp access to a given Facebook user's data each time he or she visits, all a hacker would have to do is enter a malicious code into the review site, and sit back as the confidential information rolls in. Luckily, Yelp and Facebook both shut down Instant Personalization for a few hours after being notified of the problem, and the hole has reportedly been patched. But that hasn't done a lot to quell the latent concerns over Facebook's new service.

For starters, the social networking site's stated response to all of this was disturbingly ambiguous. After initially denying Instant Personalization's role in the glitch, Facebook eventually 'fessed up and sheepishly admitted that the exploit was even more insidious than first reported. The hole reportedly leaked not only user information, but the e-mail addresses of his or her friends, as well.

If you want to protect yourself from unwittingly leaking your personal data, Gawker has an easy solution. All you have to do is click on the 'Privacy settings' link in the 'Account' menu on your homepage, and open the 'Applications and Websites' page. There, you'll find a link that reads 'Instant Personalization pilot program,' which, when clicked, will give you the option of editing your settings. You'll have to uncheck the box at the bottom (which, per Facebook's style, has been pre-checked for your inconvenience), and then confirm your decision (because, after all, it's a hard one). Jumping through these loops will apparently make it more difficult for third-party sites to harvest your information, and should guard against security vulnerabilities that may exist on these sites (though, according to Facebook, you'll have to block the app to make it really go away). In the short run, you and your information will be safe, but rest assured that Facebook will find a way to make it unsafe once more. [From: TechCrunch; via: Gawker]

Tags: facebook, facebook instant personalization, FacebookInstantPersonalization, InstantPersonalization, malicious, MaliciousCode, privacy, PrivacyIssues, security, socialnetworking, top, web, yelp