Facebook users' personal information could have been accidentally leaked to third parties, according to one security firm, marking the latest in a growing trend of compromised personal data.
Symantec said on Wednesday that it discovered that certain ill-programmed applications on Facebook would leak access tokens to third parties, giving perpetrators the ability to gain access to a number of personal profile items.
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage Symantec researchers said in a blog posting. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
They explained that that access tokens are like 'spare keys' granted by you to the Facebook application.
Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user's profile. Each token or 'spare key' is associated with a select set of permissions, like reading your wall, accessing your friend's profile, posting to your wall, etc.
Facebook denies the accusations. But if true, the leak would be just one of many high-profile companies succumbing to sloppy programming or malicious attacks.
Last Wednesday Cloud-based password management company LastPass issued a warning to users advising customers to change their passwords as a precaution to what may be a massive data-breach. The company serves clients in 113 countries.
On the same day, Best Buy has had to inform customers that their e-mail addresses were stolen for the second time. On April 22, the consumer electronics retailer discovered some e-mail addresses had been exposed in a security breach at a third-party vendor.
And perhaps what is becoming the most infamous case of all: Sony.
The Japanese gaming giant admitted that its only gaming network, the Playstation Network, was hacked, potentially exposing data of nearly 80 million users. The breach, one of the largest in history, also leaked 10 million credit cards, though the company said those were encrypted.
Beyond data leaking and free-flowing personal data, some top consume electronics makers are also feeling the heat for making mobile devices that are tracking the actual whereabouts of consumers.
Both Apple and Google are in the congressional hot-seat this week after researchers discovered last month that the iPhone and Android based phones were logging user movements.
In Google's case, devices were even sending location data back to Google at a rate of 1000 times per day.
Both companies said that the services improve user services such as maps, and make services also more relevant to the user by understanding their current location. They also claim that the data is not personally identifiable.