Facebook leaks millions of users' personal data

Facebook loophole sees millions lose personal data

Apparent loophole in security of world's biggest social networking site

Facebook's 500 million users could have had their personal data leaked to third-party internet companies, computer security specialist Symantec has warned today.

Profile information, photographs and chat logs of more than 500 million people who use the social networking website have been potentially leaked over a number of years, due to a loophole in the programming code used by third party Facebook application developers.

.relatedLinksLeft { font-size:12px; width:300px; margin:12px 12px 12px 0; float:left; padding:0px 0px 10px 0px; background:#ececec; } h3.rlTitle {margin:0px; display:block; padding:5px 0 4px 15px !important; background:#ddd; }

Symantec, known to many as the firm behind Norton Antivirus and Norton Internet Security, has identified a problem with 'access tokens' which operate much like spare keys, in that they are used by Facebook applications to gain access to personal profile information.

Users of Facebook applications, 20m of which are reportedly installed each day, typically grant the programs access to post notifications on their profile and interact with their friends, whilst also allowing access to other data. The problem is that applications may have been passing on this information, with Symantec reporting in a blog that 'hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties like advertisers or analytic platforms.'

You won't be surprised to find out that Facebook has played down Symantec’s findings, with security spokesperson Malorie Lucich stating the 'report has a few inaccuracies'. Refuting the security company's blog post, Facebook said: 'We have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties.'

The spokesperson for the social networking site was also quick to point out the contractual obligations of advertisers and developers which prohibit them from taking or sharing user information in a way that 'violates our policies'. However, it appears the company did identify an issue, as it has updated the Application Programming Interface referred to by Symantec.

The embarrassing news appears a week after Wikileaks founder Julian Assange claimed Facebook was 'an appalling spying machine'. It also comes as Sony continues to grapple with security issues on the Playstation Network, following an attack in which personal details of 100 million users were stolen.

Are you worried about you personal infromation being stolen? Get in touch on Twitter and Facebook.

Via: Daily Mail