Facebook has made a new acquisition, snapping up Israeli facial recognition firm Face.com in a deal believed to be worth up to $100 million. But while Face.com's technology—which is already used to auto-tag photos on Facebook—has plenty of fans, its KLIK mobile app had a major security flaw that has only just been fixed. The app stored Facebook and Twitter tokens insecurely, making it possible for anybody to hijack a user's accounts and gain access to their private photos and post updates as the user.
The security flaw was spotted by an independent security researcher, who made sure it had been fixed before making his findings public. The problems shows that "users should be aware," writes David Kravets at Wired. "Anytime you grant access to your Facebook, Google or Twitter accounts to an outside app, there’s always a hazard that your accounts could be at risk. Today might be a good day to go review which apps you have given permissions to, and which you no longer use." (More Face.com stories.)