• TechCrunch, Tuesday, May 11, 2010 1:45 PM

Web security consultant George Deglin has discovered an "exploit," or security issue, that allows malicious sites to immediately harvest a Facebook user's name, email, and data shared with 'everyone' on Facebook, with no action required on the user's part, TechCrunch reports. "This specific exploit has been patched, and no user data was compromised, but the security problems behind it remain." The so-called exploit reportedly took advantage of Cross Site Scripting to inject malicious code into popular business review site Yelp.

Adds TechCrunch: "Normally such an attack wouldn't have particularly broad implications for Facebook users, but Yelp is, of course, one of the three sites that have been deemed fit for Facebook's highly controversial Instant Personalization feature." The feature apparently grants Yelp immediate access to much of a user's core Facebook data as soon as they visit the reviews site, without having to bother with logins or Connect buttons.

Read the whole story at TechCrunch »