100K FB Apps leaked
By Asha

Online Security Company Symantec had uncovered how as many as 100,000 Facebook (FB) Applications had access to users’ accounts, photos, chats and even the ability to post messages.  Symantec told Facebook about this security flaw, and only after it was patched up was the information made public.

The Symantec Security blog has the details

“
Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information. Fortunately, these third-parties may not have realized their ability to access this information.

Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day.

Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
…..
“