Facebook's Instant Personalization backfires already, thanks to Yelp security hole

When Facebook introduced Instant Personalization, a feature that shares your info with Facebook's partner sites so that those sites can customize your experience, there was a lot of worry about privacy issues. Facebook does pick its partners carefully, though, and only three sites can use your info right now: Microsoft's Docs.com, Pandora and Yelp. Unfortunately for Facebook, and Facebook users, Instant Personalization has turned a security hole in Yelp into a way to compromise Facebook accounts.

A security consultant was able to inject malicious code into Yelp, and thereby access any private information that Facebook shares with Yelp. Until very recently, that information included your email address, because of an oversight by Facebook. Facebook says no data has been breached at this time, and they're cutting Yelp out of Instant Personalization until the problem is dealt with. If Facebook wants to become the whole Internet, it's going to have to provide security for the whole Internet, and that's a tall order.

[via TechCrunch]

Tags: facebook, instant personalization, InstantPersonalization, privacy, security, yelp