Facebook Security Flaw Reported
HUFFINGTONPOST.COM - Symantec has published a report claiming that for several years nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users' profiles.
Symantec's report says that an app security flaw may have given advertisers and other third parties access to Facebook users' profiles, though a Facebook spokesperson said in a statement that there is "no evidence" of this occurring.
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
Symantec compares these "access tokens" to spare keys that let apps interact with your profile.
For example, access tokens are often used if you'd like an app to automatically post game updates on your wall. You give apps permission to access certain parts of your profile, and the Facebook app functions according to those constraints.
According to Symantec's investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes, they'd be able to gain access to users' walls, profiles and more.
Facebook announced on Tuesday the app flaw has been patched, but Symantec still recommends that Facebook users change their passwords immediately. >>>CLICK HERE TO READ MORE
Most Popular StoriesMost Popular StoriesMore>>