Access to hundreds of thousands of Facebook accounts may have accidentally been leaked because of a flaw in some applications. Security firm Symantec discovered that programs were inadvertently sharing access tokens which could be used by advertisers. It estimates that, as of last month, 100,000 applications were still enabling leaks. Facebook said that it was improving authentication methods. "We have been working with Symantec to identity issues in our authentication flow to ensure that they are more secure," Facebook's Naitik Shah wrote in a blog post on Tuesday. Spare keys In his report, Symantec's Nishant Doshi explained how access tokens act "like spare keys" to a Facebook user's account. These keys were typically given out, with the user's permission, to help applications on the Facebook platform function. With the keys, applications could access a user's profile and photographs, as well as posting messages on their wall. However, the newly-discovered weakness in the old authentication method would allow spare keys to be passed to further third-parties - likely to include advertisers - through referral data. Read more here:- http://www.bbc.co.uk/news/technology-13358293
