comscore Facebook apps may have leaked millions of users’ personal data | Honolulu Star-Advertiser
Every act of aloha counts. Click here to DONATE to the MAUI RELIEF Fund.
Top News

Facebook apps may have leaked millions of users’ personal data

Honolulu Star-Advertiser logo
Unlimited access to premium stories for as low as $12.95 /mo.
Get It Now
    Following on the popularity of sites like Groupon

LOS ANGELES — Facebook apps may have inadvertently leaked the personal data of millions of Facebook users to third parties such as advertisers, according to the Web security firm Symantec.

Among the information that could have been accessed is data from user profiles, pictures and Facebook chats between users.

“Fortunately, these third parties may not have realized their ability to access this information,” said Nishant Doshi, a Symantec spokesman in a company blog post. “We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue.”

A Facebook spokeswoman said the Palo Alto, Calif., company has updated its application programming interface (or API) to remove the weaknesses in its platform that Symantec discovered.

“We appreciate Symantec raising this issue, and we worked with them to address it immediately,” Facebook said in an emailed statement. “Unfortunately, their resulting report has a few inaccuracies. Specifically, we’ve conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties.

“In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies.”

Symantec found that the data leaks took place in the mistaken giveaway of “access tokens” to third parties in as many as 100,000 different applications as of April, Doshi said.

“We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,” he said. “Access tokens are like ’spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ’spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.”

As many as 20 million Facebook apps are installed by users of the world’s most popular social network every day, Doshi said.


(c) 2011, Los Angeles Times.

Visit the Los Angeles Times on the Internet at

Distributed by McClatchy-Tribune Information Services.


Comments have been disabled for this story...

Click here to see our full coverage of the coronavirus outbreak. Submit your coronavirus news tip.

Be the first to know
Get web push notifications from Star-Advertiser when the next breaking story happens — it's FREE! You just need a supported web browser.
Subscribe for this feature

Scroll Up