According to Symantec researchers, an old Facebook bug may have provided access to millions of user's photos, profiles and other personal data.

"The flaw, which the researchers estimate has affected hundreds of thousands of applications, exposed user access tokens to advertisers and others," writes The Register's Dan Goodin. "The tokens serve as a spare set of keys that Facebook apps use to perform certain actions on behalf of the user, such as posting messages to a Facebook wall or sending RSVP replies to invitations."

"Facebook users can close this potential security hole by changing their passwords, which immediately revokes all previously issued keys," Goodin writes.

Go to "Facebook caught exposing millions of user credentials" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.