Facebook applications may have allowed third parties to access user information, according to Symantec’s official blog. Facebook denies the claims, but Symantec went into quite a bit of detail explaining how it happened.
As many as 100,000 applications enabled leakage through Facebook’s IFRAME code, giving third parties access tokens. These tokens are supposed to allow applications to perform various actions on behalf of the users or access certain information on a user’s profile. When you are first presented with an option to allow an application, it declares what information the application will be able to access.
A feature called “offline access” also grants applications the ability to perform actions on behalf of the user even when the user is not online. Facebook eventually changed to a new authentication system (OAuth 2.0), but many applications still use older authentication schemes. Using certain parameters, it is possible for third parties to acquire the access tokens.
Facebook did not deny the existence of the problem but did say that it took steps to correct it some time ago, and that Symantec’s report fails to take that into account. Facebook also says that it investigated the problem and found that no private user information had been shared with “unauthorized third parties.” Unfortunately, Symantec says, there is no way to know what might have been leaked, but concerned users can change their passwords to easily protect their accounts.
Facebook has had its fair share of privacy issues and problems with terms of service regarding advertisers and user rights. With a network as large as it is, security is bound to be a concern. The social network recently added a feature to allow users to always use encrypted URLs (HTTPS) to increase security.
