500million Facebook users 'may have had information leaked to advertisers'

• Warning comes two weeks after Sony admitted 100m users Had their personal details stolen by hackers

Millions of Facebook users' personal information has been leaked to third-party companies, it has been claimed.

The apparent data breach includes profile information, photographs and chat logs from the more than 500million people who use the social networking website.

Third parties, such as advertisers, would even have had the ability to post messages, computer security company Symantec said in its official blog.


Breached: Millions of Facebook users have had their personal details shared with third-party companies without their knowledge, according to internet security company Symantec

The leak, Symantec said, comes from the many Facebook applications published by third-party developers.

The blog post said: 'We estimate that as of April 2011, close to 100,000 applications were enabling this leakage.'

It continued: 'Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties like advertisers or analytic platforms.'

'Access tokens' allow Facebook applications to access and change personal profile information.
Users' typically grant applications this type of access to allow them to post notifications on their profile, and on their friends' profiles, and to access data.

But by handing over these tokens to others, application developers were giving advertisers or online analytics companies a way to get at this information too.

According to Facebook, as many as 20million applications are installed on to users' profiles every day.

The warning comes just two weeks after Sony admitted that 100million users of its PlayStation Network and Sony Online Entertainment services had their security details stolen by hackers.

Two cyber attacks, which the tech company blamed on hacker activists Anonymous, left the company's online gaming network out of action as security engineers battled to stem the flow of users' private information, including emails, birth dates, phone numbers and addresses.

Global reach: Facebook now has more than 500million users. This map shows the global links of 'friendships' logged on the site

Symantec said they had notified Facebook, the world's largest social networking website, of the breach in security.

Symantec is one of the world's biggest internet security companies. Millions of computer owners use the company's flagship Norton Antivirus and Norton Internet Security products to protect their personal data while using the internet.

Facebook's security spokesman, Malorie Lucich, played down the warning. 'Unfortunately, their (Symantec's) resulting report has a few inaccuracies,' she said.

'Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties.'

Ms Lucich said the report also ignores the contractual obligations of advertisers and developers which prohibit them from taking or sharing user information in a way that 'violates our policies.'

She also confirmed that the company has updated the API (Application Programming Interface) referred to by Symantec.
------------------------------------------------------------------
500m Facebook users 'may have had information leaked to advertisers' | Mail Online