Facebook exposed your private data to advertisers

Another day, another Facebook privacy fiasco. And this time it’s a doozy, according to security experts at Symantec (NASDAQ: SYMC). It found that Facebook has accidentally exposed users’ info to third parties, including advertisers, for the past four years.

The good news is that once Facebook was alerted to the problem, it fixed it. But some Facebook users might still be vulnerable to digital invasions of privacy unless they take action. Here is what happened.

The Facebook privacy flub

Symantec claims Facebook has not only leaked private data such as your sex and your age, but for the past four years third parties have had access to such goldmines as your profile, photos, and chats. Symantec also blasts Facebook for giving third parties the ability to post things to your wall.

Luckily, there’s an upside–Symantec says it’s likely that said third parties weren’t even aware of the data mines sitting under their feet. After all, the leakage was accidental.

How it happened

According to Symantec, certain Facebook applications have been inadvertently leaking “access tokens” to third parties such as advertisers and analytic platforms. Symantec estimates that close to 100,000 Facebook apps were enabling this leakage in February 2011.

When you install an application on your Facebook account, a little window pops up. This window usually asks you to give the application certain permissions, such as the ability to see your info and publish posts to your wall. When you click “Allow,” the application is granted these permissions–which are also known as “access tokens.”

Most of these access tokens expire after a short period of time, but Facebook also allows applications to request “offline access tokens.” Offline access tokens allow the application to access your Facebook account even if you’re logged off, and do not expire until you change your Facebook password.

According to Symantec, in the process of granting access tokens to applications, Facebook has been inadvertently dropping the same tokens to third parties. Facebook introduced third-party applications in 2007, so there’s no telling how many access tokens were dropped in the past four years.
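For application developers, the leakage described above can be checked for in an app's own outbound traffic. The following Python sketch is an added example, not code from Symantec or Facebook. It assumes the token travels as an `access_token` URL parameter, either in the request URL or in the Referer header; the log format, host names and token values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only hosts that should ever see a user's token.
FIRST_PARTY = {"facebook.com", "myapp.example"}

# Constructed sample log, one request per line: "<request URL> <Referer or ->"
SAMPLE_LOG = """\
https://apps.facebook.com/myapp/?access_token=aaaa-constructed-1 -
https://myapp.example/canvas?access_token=aaaa-constructed-1 https://apps.facebook.com/myapp/
https://ads.example.net/pixel.gif?slot=3 https://myapp.example/canvas?access_token=aaaa-constructed-1
https://stats.example.org/collect?u=1&access_token=bbbb-constructed-2 https://myapp.example/home
https://cdn.example.com/logo.png https://myapp.example/home
"""

def is_first_party(host):
    """True if host is a first-party domain or one of its subdomains."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def tokens_in(url):
    """Return every access_token value found in the URL's query string."""
    return parse_qs(urlsplit(url).query).get("access_token", [])

def redact(token):
    """Keep just enough of the token to correlate findings in a report."""
    return token[:4] + "..."

def find_leaks(log_text):
    """List (line, third-party host, where seen, redacted token) findings."""
    leaks = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        url, referer = fields
        dest = urlsplit(url).hostname
        if is_first_party(dest):
            continue  # token stays with the platform or the app itself
        for source, value in (("url", url), ("referer", referer)):
            if value == "-":
                continue
            for tok in tokens_in(value):
                leaks.append((lineno, dest, source, redact(tok)))
    return leaks

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG):
        print(finding)
```

Any finding means a third-party host received a token it was never granted, either directly in the request or through the Referer of a page that still had the token in its address.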

What it means for you

Facebook has been alerted to the situation and has fixed the problem, Symantec is happy to report. However, third parties may still be able to access your information if they were given offline tokens that don’t expire until you change your password.

So this means you should change your password.

And probably, stop trusting Facebook. But that’s another story.
