After Sony PlayStation’s recent security breach (hackers managed to steal personal wealth information from its system), we now have Symantec reporting that Facebook might have accidentally leaked your personal information.
This is a serious security issue, and one that should concern the world’s largest social networking platform.
According to Symantec’s blog post, third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.
It also says that these apps may not have realized they had the ability to access this information, which is good. Symantec reported the issue to Facebook, where 20 million applications are installed every day, and Facebook has taken corrective action to help eliminate it. Facebook also confirmed the leak and made changes on its end to prevent these tokens from being leaked.
You can read Symantec’s full analysis of how this access token is leaked here, and Facebook’s Developer Roadmap for moving to OAuth 2.0 + HTTPS here. According to the roadmap, Facebook plans to require all sites and apps to migrate to OAuth 2.0 and obtain an SSL certificate.