Symantec experts have discovered and helped to correct a serious mistake in the system for protecting the personal data of Facebook users.

At the same time, the error did not appear now, it existed for many years, and during these years Facebook applications passed on users' personal information to “third parties”, which are various advertising and marketing offices. An error in the system of protection of personal data of users was discovered by experts from Symantec, who conducted a general assessment of the impact of the detected vulnerability. As it turned out, hundreds of thousands of applications were affected, thereby transmitting user IDs to third parties.

Such identifiers (tokens) receive applications when the user sets their own access rights for a specific application (for example, the right to place messages on their own wall, or the right to access their photos and other personal data). Allegedly, applications that worked with the old authentication system are affected, and there are indeed hundreds of thousands of such applications.
')
Experts from Symantec told about all this after they helped their Facebook colleagues to close the vulnerability. Symantec representatives have reported that the error existed from the very beginning of the implementation of applications on Facebook, that is, from 2007. And now, according to experts, on the servers of various companies (the same “third party”), there may be many identifiers that are actively used by advertisers / marketers.

Generally speaking, the problem might not exist if Facebook did not support the so-called offline access tokens, which are valid for an unlimited amount of time. According to the Symantec team, the problem is easily solved by the hands of the users themselves, who can change passwords, with the result that identifiers stored on third-party servers lose their power.

As can be judged from the words of experts Symantec, the problem is really very serious. At the same time, a Facebook spokeswoman, who commented on this situation, believes that there is no evidence that this vulnerability was used for purposes that could violate Facebook’s security policies. A Facebook spokesman said the social network never provides users' personal information to advertisers. In addition, Facebook said that the old authentication system is no longer used .

Now, information about the problem has already been published on its pages by major publications, so that we can expect mass manifestations of Facebook users in the near future. True, whether the company itself will react to this is unclear - this is not the first time when errors are detected in the security system of social network No. 1.

Via theregister