Facebook users' personal information 'leaked' by errant applications
An accidental leak of Facebook users’ personal information over the past few years could have gone to advertisers, Symantec Corp. said in its official blog.
The security software maker (blog) said the third parties, likely advertisers, might have gotten into personal information — photographs, chat, profiles — and might have had the ability to post messages.
Symantec said, over the years, close to 100,000 applications were leaking the information with millions of access “tokens” to third parties.
Access tokens are like ‘spare keys’ granted by a Facebook application, the Symantec blog explained. Applications use tokens to create actions on behalf of the user, or to access the user’s profile. Each token has a set of permissions.
Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day.
Fortunately, these third-parties may not have realized their ability to access this information, said Symnatec blogger Nishant Doshi.
“We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue,” Doshi wrote.
“We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers. Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens.”
Facebook has more than 500 million users and is challenging Google Inc. and Yahoo Inc. for users’ time online and for advertising dollars.