We wrote not long ago about how Facebook’s Open Graph Protocol would be super-tempting to hackers. Well, right on cue, TechCrunch reported a security hole on Yelp that exposed users’ Facebook data. Yes, the screw-up was on Yelp’s side, but it was still Facebook users’ data that was compromised.
The underlying risk of the Open Graph Protocol — which lets sites import Facebook profile data so the site can “pre-customize” for your likes — is that it puts profile data security in the hands of every site using the OGP. Yelp is a big-boy operation and they dropped the ball. What’s going to happen when everybody starts implementing the Open Graph, including the bootstrapping startups that don’t have a full team of security-conscious coders out there protecting your data?
Moreover, Facebook is getting behind OAuth 2.0, which is going to make Facebook Connect (and eventually, the OGP) even easier to implement, so again your profile data is going to go lots of places outside of Facebook. That means you’ll be putting your Facebook data in the hands of even more sites, so your security risks will escalate accordingly.
Despite all these fears — and some high-profile criticisms — Facebook’s social plugins got 100,000 adopters in three weeks. The gravity well of Facebook’s movements can’t be escaped, at least not in the near term. Yes, the smart move is simply not to put data on Facebook, but not many businesses can resist the lure of 500 million Facebook users. Thus, one must place data on Facebook with the full understanding that doing so is an ever-growing security risk, and that data exposure, data corruption, and data loss are likely just a matter of time.
Hope you’ve got a backup plan.