The Wall Street Journal reports on a security question at social-networking service Facebook:
A security vulnerability on Facebook Inc. for years gave advertisers and other third parties a way to access users’ accounts and personal information, according to security firm Symantec Corp.
But Facebook said Tuesday it had fixed the problem and found no evidence of the issue resulting in private information being leaked.
The issue, which Symantec described as accidental, centers on Facebook applications, the third-party programs that allow users to play games, shop and do other tasks on the Facebook website. In some cases, those applications shared with advertisers and analytics companies so-called access tokens, which act like spare keys (originally intended for the apps) to access or post information on a user’s account, including reading wall posts, accessing a friend’s profile, posting to a user’s wall and mining personal information. […]
It is possible that the third parties didn’t realize they had the ability to access this information. Still, “the repercussions of this access token leakage are seen far and wide,” wrote Symantec researcher Nishant Doshi in a blog post.
Symantec informed Facebook of the problem in the second week of April, and the social network took steps to address it. […]
Facebook’s spokeswoman said the company has “strong policy enforcement and technical measures that allow us to quickly catch and take action against suspicious behavior on the platform.”