Last week it was a hacker attack at Sony that left the personal data of 100 million customers exposed, today itÃ¢â‚¬â„¢s an accidental leak at Facebook that may have given third parties, in particular advertisers, access to user profiles.
IT security firm Symantec discovered that in certain cases, Facebook applications inadvertently leaked so-called Ã¢â‚¬Å“access tokensÃ¢â‚¬ to these third parties, potentially enabling them to access user profiles, photographs and chat.
Some 20 million Facebook applications are installed every day, apparently.
According to a post on SymantecÃ¢â‚¬â„¢s official blog:
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.Ã¢â‚¬
Symantec says it has reported the issue to Facebook, who has taken corrective action to help eliminate the issue.
Symantec goes on to advise concerned Facebook users to change their passwords to invalidate leaked access tokens:
In a recent postÃ‚ on the Epsilon data breach,Ã‚ we reportedÃ‚ that the average organizational cost of a data breach increased to $7.2 million in 2010 and cost companies an average of $214 per compromised record up from $204 in 2009, per a study by Symantec and the Ponemon Institute.
Read more on the Sony data breach in a New York Times article by Ron Lieber.