A flaw in Facebook involving nearly 100,000 applications gave advertisers access to personal information, according to security-software maker Symantec Corp.
With an “access tokens,” an advertiser could have looked at profile info and wall posts and even posted on a person’s wall, the Wall Street Journal reports. Symantec likens tokens to "spare keys" granted by you to the Facebook application.
According to Symantec's official blog: "We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties."
The third parties, Symantec says, were advertisers that would have had access to user information like photographs, chat and profiles. They could even post messages.
Symantec added that third parties might not have even known that they were able to access the sensitive information.
Facebook — which reports that 20 million applications are installed every day — said it had fixed the problem and had found no evidence of the flaw being exploited.
Daily Tech, meanwhile, suggests that Facebook does not focus on privacy, pointing out that Facebook CEO Mark Zuckerberg said this time last year: "People online today just don't have the same expectations of privacy online anymore."