From the Symantec Blog:
Third parties, in particular advertisers, have accidentally* had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information. Fortunately, these third parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue.
Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
Read the rest here.
* Accidentally – Occurring unexpectedly, unintentionally, or by chance.
Facebook has a long history of breaching user confidentiality, and it seems to rely on the “accidentally” excuse more often than not. The cynic in me sees it differently. Facebook may well be driven by a more convenient philosophy – nothing is illegal until you get caught.