Facebook reported late last week that it had detected and removed yet another rogue application that was sending people fake messages designed to get them to reveal personal information.
Users were told they had violated the Facebook Terms of Use and were given a link that would supposedly tell them exactly how they had sinned. But clicking the link actually gave cyber criminals access to the user’s profile and personal information, and sent the original fake message to everyone on the user’s friends list.
Facebook says this was just the latest in a series of such rogue apps which it has detected and removed. The organization has now mounted a standing watch to detect further such threats to its users’ privacy.
Sophos security blogger Graham Cluley observed, “One of the problems is that Facebook allows anybody to write an application, and third-party applications are not vetted before they are made available to the public. So, even as Facebook stamps out one malignant application, it can pop up in another place like a poisoned mushroom with a different name.”
MySpace, meanwhile, plugged a hole that could allow intruders to view users’ private comments. However, MySpace officials were quick to point out that intruders would have to know the exact URL and user ID to view any specific private comment.