Major coding errors found in Facebook, MySpace

Coding errors in social networking sites such as Facebook and MySpace could lead to the inadvertent leakage of data. That statement is no generalization, though, according to developer Yvo Schaap. The crux of the matter is how sites such as Facebook allow data to be received from, or sent to, subdomains.

This opens the door to various types of exploitation, from an attacker harvesting a user's personal photos and data to the theft of the user's credentials if auto-login is enabled.

Facebook has since rectified this particular problem by disallowing access from other applications to the affected subdomain. MySpace, on the other hand, took issue with the severity of the problem. It argued that it would only have exposed information that was already public. In any event, MySpace has also rectified the particular trouble spot.

Well, until the next one is discovered...

For more on this story:
- check out this article at Computerworld
