May 11, 2011
The issue occurred when more than 100,000 Facebook applications accidentally passed along user access tokens. Those tokens, known as a “spare key” could then be used to access a users account, allowing third parties to post info to a user’s wall and access other parts of their accounts.
Anyone with access to an access token would also be able to mine for personal information, gain access to a user’s friends’ profiles and access other parts of a users accounts, however no reported evidence of such events occurring were reported, in fact it’s believed that third parties were not even aware that they were receiving the extra information. read more