Facebook has plugged a hole that was inadvertently providing advertisers and other third parties access to user accounts via tokens that serve as "spare keys," Symantec said today after disclosing the problem to the social-networking company.
"Facebook was notified of this issue and has confirmed this leakage," Nishant Doshi, a senior software engineer at Symantec, wrote in a blog post. "Facebook notified us of changes on their end to prevent these tokens from getting leaked."
"We estimate that as of April 2011 close to 100,000 applications were enabling this leakage," Doshi wrote. "We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties."
More: http://news.cnet.com/8301-27080_3-20061609-245.html
............................................................................................
"Facebook was notified of this issue and has confirmed this leakage," Nishant Doshi, a senior software engineer at Symantec, wrote in a blog post. "Facebook notified us of changes on their end to prevent these tokens from getting leaked."
"We estimate that as of April 2011 close to 100,000 applications were enabling this leakage," Doshi wrote. "We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties."
More: http://news.cnet.com/8301-27080_3-20061609-245.html
