Thousands of Spare Keys are Leaked Out from Facebook Apps

Once more it appears like loss of privacy is a price to pay for using Facebook with the discovery that tens of thousands of Facebook apps have seeped out get into the third parties, like as advertisers.

About 100,000 Facebook applications have allowed leakage of access tokens to third parties, Security Firm Symantec said.  Access tokens are illustrated as “spar keys” by the company, which app utilize to do actions for the user or access their profile, as they allow the skill to perform things like read or post to a wall.  The leakage trouble stems from the reality that some Facebook apps utilize old confirmation methods, and third parties might grab these entry tokens on reason, or most probably by misfortune.

Facebook apps“Needless to say, the repercussions of this access token leakage are seen far and wide.  Facebook was notified of this issue and has confirmed this leakage.  Facebook notified us of changes on their end to prevent these tokens from getting leaked,” Symantec researcher Nishant Doshi said.

The researcher added, “There is no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.”

Users could alter their passwords to cancel leaked tokens, as Facebook has also proclaimed a change to its developer roadmap, utilizing a new confirmation standard named Oauth 2.0.

photo credit: