Facebook leaked user data to advertisers
The security company found that some application on the social networking site left holes wide open for third parties to post content to profiles or even read user chats and messages.
"Fortunately, these third-parties may not have realized their ability to access this information," Nishant Doshi of Symantec wrote in a blog post. "We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue."
Around 20 million Facebook applications are installed each day. Users actively play games and use applications for sharing and other means assuming their privacy is protected. Symantec estimated that at least 100,000 Facebook applications leaked data.
"We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties," Doshi said
"Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens," he added. "Changing the password invalidates these tokens and is equivalent to 'changing the lock' on your Facebook profile."
Symantec said Facebook has acknowledged the problem and is seeking to fix the error.