Symantec: Facebook Applications ‘Accidentally Leaking Access’

Privacy settings in Facebook Apps

An official blog post from Symantec Corporation says that 100,000 Facebook applications were inadvertently leaking user information. Nishant Doshi, the writer of the blog post for Symantec, said that in the span of a few years ‘hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.’

Access tokens are used on Facebook so an application can interact with your user page, allowing permission to publish content and ‘likes’ to your wall and stream that is visible to friends, photographs, chat and other personal profile details. The leak is blamed on legacy Facebook API and using certain parameters in the redirect code.

Doshi said ‘Facebook was notified of this issue and has confirmed this leakage. Facebook notified us of changes on their end to prevent these tokens from getting leaked,’ confirming the issue has been corrected.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s