Personal Facebook data accidentally leaked to advertisers
Oh dear, another day and another personal data leak story - this time concerning Facebook.
Online security expert Symantec has stated, via its blog, that: "Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information."
The leaked data was due to Facebook IFRAME apps that mistakenly gave advertisers and web analytic firms access tokens, and that there were almost 100,000 Facebook apps guilty of the misdemeanor, leaking "millions" of access tokens.
"Access tokens are like ‘spare keys’ granted by you to the Facebook application," explains Symantec's Nishant Doshi.
"Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc."
Luckily, Symantec said that third parties may not have even known about the leak and, as such, didn't have time to access the data before it was reported to Facebook.