Facebook has done it again.
According to a blog post by security software giant, Symantec Corporation, Facebook may have inadvertently allowed third party sites, mostly advertisers, access to users’ profile information, including pictures, chat, and even the ability to post messages to users’ walls.
These leaks were allowed through some of the millions of applications in use on Facebook. According to Symantec, they ‘estimate that as of April 2011, close to 100,000 applications were enabling this leakage’. This leaves the grim possibility that over the past few years, millions of users’ information were accessible by third party sites.
As Symantec explains, these Facebook applications were unknowingly leaking access tokens or ‘spare keys’ to third party websites, such as advertisers and analytics.
Their hope is that most sites did not notice that they had to access to such information.
Of course, Facebook has now corrected the problem. For users worried about their information, changing your password invalidates these access tokens.