Symantec has published a report claiming that for several years nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users’ profiles.
Symantec’s report says that an app security flaw may have given advertisers and other third parties access to Facebook users’ profiles, though a Facebook spokesperson said in a statement that there is “no evidence” of this occurring.
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
Symantec compares these “access tokens” to spare keys that let apps interact with your profile.