An official blog post from Symantec Corporation says that 100,000 Facebook applications were inadvertently leaking user information. Nishant Doshi, the writer of the blog post for Symantec, said that in the span of a few years ‘hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.’
Access tokens are used on Facebook so an application can interact with your user page, allowing permission to publish content and ‘likes’ to your wall and stream that is visible to friends, photographs, chat and other personal profile details. The leak is blamed on legacy Facebook API and using certain parameters in the redirect code.
Doshi said ‘Facebook was notified of this issue and has confirmed this leakage. Facebook notified us of changes on their end to prevent these tokens from getting leaked,’ confirming the issue has been corrected.