Facebook Security Flaw Reveals User Data
Posted 05/10/2011 at 5:59pm | by Matthew Tilmann
According to security firm Symantec Corp., a security vulnerability at Facebook Inc. for years gave advertisers and other third parties an opening into users' accounts as well as their personal information. Facebook said today that it had fixed the problem and had found no evidence that the vulnerability had resulted in private information being leaked.
Symantec described the issue as accidental, and as one centered on Facebook applications, the third-party programs that allow users to play games, shop and perform other tasks on Facebook. In some situations, those applications had allowed advertisers and analytics companies to obtain access tokens, which, as The Wall Street Journal describes, were like "spare keys" to a user's account, allowing actions such as reading wall posts, accessing a friend's profile, posting to a wall, and mining other data.
Symantec said that, as of April, it estimated that the vulnerability had affected approximately 100,000 Facebook apps. Because Facebook first introduced apps in 2007, however, a multitude of applications could possibly have accidentally leaked millions of access tokens to third parties.
One bright spot is that the third parties may not have realized that they had the capability to access the leaked information. Just the same, "the repercussions of this access token leakage are seen far and wide," noted Symantec researcher Nishant Doshi in a blog post.
After being notified by Symantec, Facebook did take steps to address the problem.
"We've conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties," said a Facebook spokeswoman in an email. She did not specify how the investigation was conducted. The spokeswoman did mention that contractual obligations with advertisers and developers prohibit them from obtaining or sharing user information in a manner that would violate Facebook's policies.
Finally, she also said that the company has "strong policy enforcement and technical measures that allow us to quickly catch and take action against suspicious behavior on the platform."