RED ALERT: Facebook Leaked Access Tokens to Millions of User Accounts to Advertisers and App Publishers

Symantec reported that Facebook has been accidentally leaking users’ private information to advertisers.


Symantec says advertisers and publishers of Facebook apps have “accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.”

Facebook may have leaked millions of access tokens to third parties. These tokens are like “spare keys.” Each token is associated with a set of permissions and can be used to access your personal Facebook data. Symantec says the best way to invalidate these tokens is to reset your password, which acts like “changing the lock” on your Facebook profile. If you have a Facebook account you should change your password now.

According to Reuters reports, Facebook claims the issue is all fixed and no user’s private information was leaked, but it gave no details and made no public announcement on its website. Facebook spokeswoman Malorie Lucich said in a statement, “Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties.”

Facebook should at a minimum be advising all of its users to change their passwords based on Symantec’s post. Facebook has not even mentioned the massive leak on its blog or on its Facebook page!

Seriously? So a big deal.

