Symantec recently wrote a report on FaceBook security issues, highlighting that millions of people had personal data at risk. Yesterday Facebook made a statement arguing with the points that Symantec published.
Facebook spokeswoman Malorie Lucich sent out an email to ComputerWorld which read “We appreciate Symantec raising this issue and we worked with them to address it immediately …. But, specifically, no private information could have been passed to third parties, and the vast majority of tokens expire within two hours. The report also ignores the contractual obligations of advertisers and developers, which prohibit them from obtaining or sharing user information in a way that violates our policies.”
Symantec said they found security application flaws which had accidentally given third parties access to personal user data on the social networking platform. The report also said that third parties could post messages under user accounts. “Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue” said Symantec.
FaceBook have denied these claims, saying that ‘the vast majority of tokens expire within two hours.’
KitGuru says: risk or no risk? is two hours enough to cause damage?