Security firm Symantech has found out that Facebook has been leaking special permission (access tokens) to the advertisers exposing Facebook user’s profile informations, photos, chat logs. And security guys suggests that people should change their Facebook password just to be in the safe side.
Every time you add an App into your Facebook profile, it asks for the permission to access your profile data and you must click Allow Access to use that App. In this process, Facebook was suppose to provide access token to that App only but it turns out that access token also gets passed to advertisers too. Meaning advertisers can access your profile data too. According to the security firms, Facebook has given out these access tokens to around 1000,000 applications since 2007 and they can provide access to your profile data until you change your current Facebook password which will invalidate the access token.