May 11, 2011
US computer security firm Symantec on Tuesday said that Facebook accidentally left a door open for advertisers to access profiles, pictures, chat and other private data at the social network.
Symantec discovered that certain Facebook applications leaked tokens that act essentially as “spare keys” for accessing profiles, reading messages, posting to walls or other actions.
Facebook applications are Web software programs that are integrated onto the leading online social network’s platform. Symantec said that 20 million Facebook applications such as games are installed every day.
The tokens were being leaked to third-party applications including advertisers and analytics platforms allowing them to post messages or mine personal information from profiles, according to Nishant Doshi of Symantec.