Facebook “Spare Key” Security Flaw Existed For Years

Facebook Security

Facebook SecurityFacebook user information was passed along to advertisers and third parties for years according to a Symantec report passed along to the social network last month.

The issue occurred when more than 100,000 Facebook applications accidentally passed along user access tokens. Those tokens, known as a “spare key” could then be used to access a users account, allowing third parties to post info to a user’s wall and access other parts of their accounts.

Anyone with access to an access token would also be able to mine for personal information, gain access to a user’s friends’ profiles and access other parts of a users accounts, however no reported evidence of such events occurring were reported, in fact it’s believed that third parties were not even aware that they were receiving the extra information. [Read more…]