Thu, Jun 26, 2008

Ben Lorica

The Suspended Facebook App Top Friends

Techmeme and CNET are reporting that one of the most popular Facebook apps has been "suspended" due to security concerns uncovered by a user:

Until Facebook suspended the Top Friends app, created by Slide, anyone could browse partial profiles of anyone else on Facebook who had added Top Friends to their page. CNET News.com confirmed that the security hole exposed the birthdays, gender, and relationship status of strangers, including Facebook executives, the wife of Google co-founder Larry Page, and one profile that seemed to belong to Paris Hilton that used her middle name "Whitney."

According to our research data, Top Friends has been among the Top 3 most used applications pretty much since the Facebook platform launched. Since early April 2008, it has averaged around 1.7M active users and has been the third most popular application.

With close to 30K Facebook applications now in existence, I'm sure many others suffer from similar security problems.


 

Comments: 7

  Pete Warden [06.26.08 12:45 PM]

I'm starting to worry that we're heading into a Windows-style, reputation-eroding game of whack-a-mole with Facebook security issues. They're in a tough technical position preventing arbitrary scripts from slipping through their filters, and they don't seem to have any process for catching or dealing with these problems, at least based on my experience of reporting an exploit:
http://petewarden.typepad.com/searchbrowser/2008/06/facebook-securi.html

  Kyle Brady [06.26.08 01:16 PM]

It's actually ironic that this ban happened, because I wrote up a post about why these "widget making companies" are being very naive about the amount of control they have, let alone being a real business...

http://www.kyle-brady.com/2008/06/25/funding-an-insightful-insight/

But I think the stats of a widget don't matter anyway... Facebook can make changes "willy nilly" and there's more or less nothing people can do about it.

--Kyle

  theharmonyguy [06.26.08 03:20 PM]

"With close to 30K Facebook applications now in existence, I'm sure many others suffer from similar security problems."

You are quite right.

  Ralf [06.27.08 12:16 AM]

Security is so important for business on the web. You need to know all about hacking etc. when you have a popular site.

  ntsili [06.27.08 12:38 PM]

Is this ban permanent????? Does anybody know?

  Ben Lorica [06.27.08 12:49 PM]

Hi ntsili:

My understanding is that the company behind "Top Friends" (Slide) is working on fixing these particular security/privacy issues, and that the app will reappear once they have fixed them.

  Chugboat [06.29.08 04:42 PM]

Top Friends recently changed, taking you to a "top friends profile page" when you clicked a top friend instead of a profile. If you clicked on a top friend who you did not have added, or if you changed the friend ID in the URL to theirs, it would show you their top friends profile anyway, where you could see their status, and personal info (e.g. interests, about me, books, movies, TV, music etc) despite not having them as a friend on Facebook. I noticed this shortly after they did it, and it worked. This'll be why it's suspended. Harmless enough I thought but if the wrong people exploited it... I suppose it's a security problem. Hope they soon get the app up and running again.
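
The pattern described in the last comment (a profile page that trusts the friend ID in the URL) can be modeled as below. This is an added example, not part of the post or its comments and not Slide's or Facebook's code; the data model, function names, sample users and the friends-only policy are assumptions made for illustration.

```python
# Added illustration: all names and data here are constructed.
from dataclasses import dataclass, field


@dataclass
class Profile:
    user_id: int
    name: str
    birthday: str
    relationship: str
    friends: set = field(default_factory=set)


# Constructed sample users: 1 and 2 are friends, 3 is a stranger to both.
PROFILES = {
    1: Profile(1, "alice", "1980-01-01", "married", friends={2}),
    2: Profile(2, "bob", "1985-05-05", "single", friends={1}),
    3: Profile(3, "carol", "1990-09-09", "single"),
}


class Forbidden(Exception):
    """Raised when the viewer may not see the requested profile."""


def _public_fields(p: Profile) -> dict:
    return {"name": p.name, "birthday": p.birthday, "relationship": p.relationship}


def view_profile_unchecked(viewer_id: int, target_id: int) -> dict:
    # Weak form: the ID taken from the URL selects the record, and the
    # viewer's relationship to the target is never consulted.
    return _public_fields(PROFILES[target_id])


def view_profile_checked(viewer_id: int, target_id: int) -> dict:
    # Corrected form: authorize on the server for every request.
    # Assumed policy: only the owner or a confirmed friend may view.
    target = PROFILES.get(target_id)
    allowed = target is not None and (
        viewer_id == target_id or viewer_id in target.friends
    )
    if not allowed:
        # Same error for "no such user" and "not allowed", so responses
        # do not reveal which IDs exist.
        raise Forbidden("profile not available")
    return _public_fields(target)


def can_view(viewer_id: int, target_id: int) -> bool:
    try:
        view_profile_checked(viewer_id, target_id)
        return True
    except Forbidden:
        return False
```
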
