The security firm Symantec issued a report this week that alerts Facebook users to an error in Facebook's systems. The error allowed third-party access to users' information that resulted in the release of that information far and wide. Symantec advised those who may be affected to change their password on the site.
The problem involves 'tokens' which give outside developers access to your information including friends list, 'likes', personal information, photos when you use games such as Farmville or even surveys such as "What Star Wars Character Do You Most Resemble?"
Facebook responded by changing how developers can access private data in response to prevent future leaks of this data going forward. They also emphasized that the third parties may not have even realized the information was shared improperly and that the tokens expire within two hours. The developers' contracts with Facebook also prohibit unauthorized use of personal data.
According to Symantec, "there is no good way to estimate how many access tokens have already been leaked since they release Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers. Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile."
Symantec's full report can be read here.
This leak of data occurred despite whatever privacy settings you may have set up, unless you blocked all access of information to third parties and don't use any of the Facebook games or apps. Facebook's blog highlighted some general steps you can take to keep your data more secure back on January 26th (Data Security Day) such as enabling secure logins and notifications of unusual sign-ins.
It is a good idea also to review these recommendations with your friends and family. First, because you don't want them to have their own private information shared with the wider world, but also importantly, these third parties also could access information about you via your Facebook friends' accounts. Take the time to review your Privacy Settings accessible through the Account menu.