Rediff.com« Back to articlePrint this article

'Facebook users' details inadvertently leaked'

Last updated on: May 11, 2011 11:11 IST
US President Barack Obama shakes hands with Facebook CEO Mark Zuckerberg in Palo Alto, California.

Hundreds of thousands of Facebook users account details could have been 'inadvertently' leaked to third parties, in particular advertisers, over the years, according to data security solutions provider Symantec.

"Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms," Symantec Corp said in its official blog.

Click NEXT to read further. . .

'Facebook users' details inadvertently leaked'

Last updated on: May 11, 2011 11:11 IST

Third parties, in particular advertisers, have accidentally had access to Facebook users' accounts, including profiles, photographs and chat, and also had the ability to post messages and mine personal information.

"We estimate that as of April, 2011, close to 100,000 applications were enabling this leakage.

"We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of 'access tokens' to third parties," the blog post added.

Click NEXT to read further. . .

'Facebook users' details inadvertently leaked'

Last updated on: May 11, 2011 11:11 IST

Access tokens are like 'spare keys' granted by a Facebook user to the Facebook application.

Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user's profile.

"Fortunately, these third-parties may not have realised their ability to access this information," the blog post said.

Click NEXT to read further. . .

'Facebook users' details inadvertently leaked'

Last updated on: May 11, 2011 11:11 IST

Facebook has been informed of this development and has taken corrective action to help eliminate this issue.

"Facebook was notified of this issue and has confirmed this leakage. Facebook notified us of changes on their end to prevent these tokens from getting leaked," the blog post said.

© Copyright 2024 PTI. All rights reserved. Republication or redistribution of PTI content, including by framing or similar means, is expressly prohibited without the prior written consent.