A flaw in Facebook's advertising system may have allowed countless other companies, notably advertising firms, to access users' profiles, photographs, and chats -- and even post messages and mine users' personal information, security software firm Symantec said Tuesday in a blog post.
Third parties would have had access to personal information over the span of several years thanks to a flaw involving access tokens, which are like "spare keys" granted by you to the Facebook application, the security software maker said.
"We estimate that as of April 2011, close to 100,000 applications were enabling this leakage," the blog post said. Symantec said there was no way to estimate how many accounts have been leaked, but the numbers could be astronomical.
"Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties," posing a security threat, the blog post said.
The third parties may not have realized their ability to access the information, it said. Facebook, the world's largest social networking website, was notified of this issue and confirmed the leakage, the blog post said.
It said Facebook has taken steps to resolve the issue. The massive social network took issue with some of Symantec's findings.
"Unfortunately, their (Symantec's) resulting report has a few inaccuracies. Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties," Facebook spokeswoman Malorie Lucich said in a statement.
Lucich said the report also ignores the contractual obligations of advertisers and developers, which prohibit them from obtaining or sharing user information in a way that "violates our policies."
She also confirmed that the company removed the outdated API (application programming interface) referred to in Symantec's report.
Facebook has more than 500 million users and is challenging Google and Yahoo for users' time online and for advertising dollars.
Newswires contributed to this report.