Facebook may have leaked “access tokens” to advertisers.
According to Symantec Corp., the social networking site may have inadvertently leaked the personal information of Facebook users to third parties. The leaks perhaps took place over the past several years, says the security software maker, and the “access tokens” were at the core.
Access tokens are essentially the set of spare keys you keep under the fake rock in front of your house. Access to the access tokens allows third parties the ability to view user profiles, post on user profiles and even chat. The access tokens were leaked through Facebook apps like quizzes and some games. According to Symantec, the third parties in possession of the information may not have even realized the nature of the leak or that they even possess the access tokens.
Symantec says that Facebook has confirmed the leakage and has taken steps to repair it. The Symantec blog digs into the nitty gritty, explaining just how the leak took place and how the access tokens may still exist in the log files of advertisers and other third parties.
Facebook users should change their passwords, as this would invalidate the “spare keys” of course. The site is encouraging all users to take this step, if for nothing less than a precautionary measure. Symantec estimates that millions of access tokens have been leaked by around 10,000 applications since 2007. That said, there’s no way to really tell exactly how many access tokens have hit the third party circuit.
Facebook, while admitting to making the appropriate fixes, responded to the report from Symantec. “Unfortunately, their resulting report has a few inaccuracies. Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties,” Facebook spokeswoman Malorie Lucich said.
Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).
Written by: Jordan Richardson. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.
Comments on this entry are closed.