According to foreign media reports, Facebook's local time in Wednesday denied Symantec's report that the company inadvertently leaked users ' personal information to third parties, including advertisers, for several years.
Symantec Two researchers local time published in Tuesday, said that a Facebook programming error allows advertisers to access the user's files, photos and chat information, and even use the user's account to publish messages, from the user's personal data mining useful information.
According to Symantec, information leaks originate from a flawed API (application programming Interface) in Facebook, resulting in "hundreds of thousands of" Facebook apps revealing so-called access tokens. Any third party associated with an application developer may obtain an access token and obtain the permissions allowed by the access token. Symantec points out that, although it is not known how many advertisers are aware of the personal information that can be accessed by users, the potential impact of this information leak may be "far-reaching".
But Facebook said the issue was not serious, saying the Symantec report was flawed. Malorie Lucich, a Facebook spokesman, said, "We thank Symantec for Maroli Rusic This issue, and we have solved it immediately by working with it." No user personal information is leaked to a third party, and the vast majority of access tokens are valid for 2 hours. Symantec's report also ignores the obligations of advertisers and application developers, under which they cannot obtain or share user information in a way that violates our policies. ”
A Facebook spokeswoman also said there was no evidence that the use of user information violated the company's policy, "we will take seriously possible problems and have taken swift steps to prevent such incidents from recurring".
A Symantec spokesman said today that the company still believes the report is accurate but has not made any further comments. Kevin Haley, head of Symantec's security response department, said that while a third party might not be aware of the problem, it does not necessarily mean that no one is Kevin Halley to take advantage of the problem.
The Wall Street Journal reported last October that several popular Facebook apps such as "FarmVille", "Texas holdem Poker" and "FrontierVille" were secretly sending user information to advertisers. Facebook was also sued by users last year for privacy policy.
Chris Palmer, technical director of the Electronic Frontier Foundation, said, "This information disclosure incident is not surprising, and previous Chris Pamer and other websites and platforms have had similar problems." Although this incident was an accident, it was not the first time on Facebook. ”
Palmer said that providing advertisers with detailed information about users is part of the Facebook business model, "so we anticipate that such events could happen again." The business model requires Facebook to maintain a delicate balance between satisfying advertisers and not angering too many users.
Jeffrey Chester Jeffrey Chester, executive director of the Democratic Digital Center, said Facebook is working with a growing number of third parties to collect user information, "so it's not surprising that users ' information leaks."