Symantec says that a programming error in the API used by developers of Facebook applications could have been leaking personal information of Facebook users to advertisers and other third parties for years. However, Facebook has responded quickly to deny that its applications have exposed its users' personal information and violated their privacy rights.
According to Symantec, any third party associated with any application developer could have used the faulty API to gain access to passwords by using the tokens that members provide every time they grant an application permission to access their account information. Symantec said that developers could have taken advantage of the faulty permission process that is associated with each token.
Symantec recommends that users change their passwords on Facebook immediately, because even though the company has already fixed the error, the leaked tokens could still remain in circulation or might be stored somewhere in the network.
Facebook has played down the problem raised by Symantec, and said that the information revealed by the security firm is somewhat “inaccurate.” “We are pleased that Symantec has discovered the problem; our engineers are working with them to resolve the problem immediately,” said Facebook spokesperson Malorie Lurich. “Our users' privacy and security are very important to us; no private information can be passed to third parties because the vast majority of the tokens expire after two hours.”