A serious flaw in Facebook’s account security allows any website to post and “Like” a page without the user’s knowledge or permission, even after the user has left Facebook.com.
Imagine visiting your Facebook account, viewing your Facebook Timeline, making a few posts on your Facebook wall, updating your status. Then you leave Facebook.com, without logging out of Facebook, and go to a few other websites. You know, the usual daily routine. For many, it’s easier to just leave Facebook.com and go to other websites without logging out of your Facebook account. When you go back to Facebook.com, you’re already logged in–you don’t have to type your Facebook user ID and password again. You can go right to your Facebook timeline, to see all of the updates from your Facebook friends.
Security Flaw Affects 31 Percent of Web Site Visitors
52.41% Bounce Rate
7:04 minutes Avg. Time on Site
54.62% New visits
45.64% Firefox Users
34.20% Chrome Users
9.36% Internet Explorer Users
Referring Web Sites:
38.24% New Visits Direct to Site
71.27% New Visits from Google
61.90% New Visits from Facebook.com
83.33% New visits from m.Facebook.com
30.8% Users who Auto Liked and Auto Posted on their Facebook Wall
Nearly 31 percent of these tech-savvy users who visited the test web site were still logged into Facebook–and the script caused them to automatically “Like” the page and automatically posted on their Facebook Wall that they liked the web site–promoting the web site to all of their Facebook Friends. And although about half of the new visits were direct visits to the test web site, the 3rd and 4th most popular referring sites were Facebook (I am assuming that they came because someone had promoted the web site on their Facebook status). 62 percent were from Facebook.com and a whopping 83 percent were new visits from the mobile version of Facebook.com.
What is disturbing here is that when you visit a website, not only will you “Like” a URL of the web site owner’s choosing, the web site will also automatically post on your Facebook Wall without you even knowing it. If you are logged into your Facebook account, even though you are NOT on Facebook.com, any website can automatically post on your Facebook Wall without your knowledge. This is a serious Facebook security flaw that Facebook needs to address right away.
How You Can Stop the Facebook Account Security Flaw
At this point, there is really only one way that you personally can stop web sites from automatically posting and auto “Liking” when you visit their web site. When you visit Facebook.com you should log in–and when you leave Facebook.com, you should log out. As long as you are technically logged out of Facebook.com, there is no way that a devious web site owner can force you to automatically “Like” their web site–and they cannot automatically post to your Facebook Wall.
Facebook absolutely needs to take action right away so that this cannot continue to happen. Facebook must protect the integrity of the Facebook “Like” system, or a Facebook “Like” will be meaningless in the future. A good start, and a step in the right direction, would be for Facebook to implement some sort of Captcha Code as a part of Facebook “Likes”.