
Draw Something and Facebook

There are over 50 million people using the app Draw Something on smartphones and tablets. But for those who connected Facebook with the app, there is a security risk: the app stores a Facebook access token in plain text. In plain English, that means that if a hacker got hold of this file, it would give him access to all of your private data in Facebook.

Gareth Wright discovered the issue and found that, because Draw Something requests offline access to his account, he could perform a few FQL (Facebook’s equivalent of SQL) queries and pull private information from his Facebook account.

These little access tokens are only good for 60 days, but that is enough time for someone to access your personal information. We here at Frankenstein Computers would recommend that you not tie the Facebook connection in to your Draw Something app.