Looks like it’s time to change your password …
OK, let’s get this out of the way: Facebook likes to share your information, probably more so than you’re comfortable with. However, the information sharing has unintentionally hit a new high (or is it a new low?), thanks to a slew of third-party apps leaking access tokens.
According to Symantec, as of April 2011, as many as 100,000 Facebook apps may have allowed user access to be leaked:
Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.
Symantec reported this issue to Facebook, which corrected the problem. While that sounds fine and dandy, the problem is that the correction doesn’t work retroactively. Previously leaked tokens are still potentially damaging because they could provide access to your account. Unfortunately, there isn’t a list of apps that leaked the information, so it’s tough to know who was affected by the data leak.
However, the solution is pretty simple: Change your password. According to Symantec, changing your password is like changing the lock on your front door; old keys won’t work anymore. So, if you’ve got a ton of third-party apps linked to your Facebook account, this seems like a smart move.