The first application for Google’s OpenSocial API program has been taken down, after it was discovered that a hacker could change a person’s user profile. The application was built by third-party developer RockYou for Plaxo.
A developer, named ‘harmonyguy’, alerted Vice President of Marketing John McCrea to the vulnerability in the RockYou “emoticons” for Plaxo via the OpenSocial API program. ‘harmonyguy’ was able to add emoticons without the permission of John McCrea. The Application was taken down after 45 minutes, say TechCrunch.
“We have temporarily taken down this app, due to some bugs discovered today. We apologise for the inconvenience. We are at the early phase of this, so expect some ups and downs … Your patience appreciated,” John McCrea wrote, posted last Friday on the Plaxo Blog.
‘harmonyguy’ also claims to have hacked third-party applications for the Facebook platform; but said that it was harder to make changes to another user’s profile. “The main issue I’ve found with Facebook apps is being able to access people’s app-related history; for instance, until recently, I could access the SuperPoke action feed for any user,” he said to Michael Arrington.
The Google OpenSocial API program includes Engage.com, Friendster, LinkedIn, MySpace, Oracle, orkut, Plaxo and Salesforce.com. We should clarify that Facebook is not part of the program.
‘harmonyguy’ also says that the hack might not be malicious; but if Google doesn’t stabilise the platform, more attacks will come.
Image Credits goes to Michael Arrington from TechCrunch.