Experts caution against app that steals users Facebook data

09 Jun 2015

Experts have warned users against downloading apps as some of them might steal user data, after an app, Unfriend Alert, was found to be collecting users' Facebook data, Betanews.com reported.

Unfriend Alert alerts users when they are ''unfriended'' on Facebook.

The app, which is free, notifies users whenever they are removed from the Facebook friend list. However, it asks for users' sign in and password.

''Looking at a Wireshark log for this check however shows that the login credentials are not sent directly to Facebook but to yougotunfriended.com,'' says security firm MalwareBytes.

According to IANS, the app also displayed ads and could install malicious software on the user's computer. What was more worrisome was it did not show up in the apps list on Facebook, so one could easily forget that it was there, while it monitored one's activities.

According to the recommendation of experts, users should remove the app and change their password. There had been other apps in the market that alerted users when a Facebook friend ditched them, but this new app seemed to be designed to steal passwords.

Facebook had been aware about such malicious applications and had undertaken several efforts to improve security of users and platform.

The social network recently announced testing a new security checkup tool that quickly guided one through a few of the options that anyone could access on their security settings page.

''If you see the test, you will be able to change your password, turn on login alerts, and clean up login sessions simply by clicking through the screen prompts. Based on feedback, we hope to make Security Checkup available more broadly and whenever you want to use it,'' Facebook said in a post.

''Between this new checkup and the security content we recently added to Facebook Privacy Basics, it's easier than ever to find the information you want about how we protect your account and what tools are available to you.''

Facebook had also created a ThreatExchange platform where security professionals could share information regarding cyber threats. The company's ThreatExchange was based on the social network's existing infrastructure, though layered APIs on top of it allowed partner companies to access the threat information.

According to Mark Hammell, manager of the ThreatInfrastructure team at Facebook, the goal was that organisations anywhere would be able to use ThreatExchange to share threat information more easily, learn from each other's discoveries, and make their own systems safer, The Times of India reported.