Facebook said it has fixed a bug that opened up certain personal information to third parties. (ROBERT GALBRAITH/REUTERS)

A report from Symantec on Tuesday revealed that an outdated string of code in certain applications accidentally granted third parties access to Facebook users’ chats, profiles and photographs and would have allowed outside companies to post on users’ walls. The security firm said it fears that millions of access tokens may have been leaked since the network introduced applications in 2007.

A Facebook spokesman said Tuesday the social network has fixed the problem and that its investigation found no evidence that the leak was ever used to share private information with unauthorized third parties.

Facebook also pointed out that the Symantec report ignores the “contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies.”

Concerned customers should change their Facebook passwords to completely lock out any third parties who may have caught on to the weakness.

(Post Co. Chairman and Chief Executive Donald E. Graham sits on Facebook’s board of directors, and the newspaper and many Post staffers use Facebook for marketing purposes.)

Related stories:

Facebook rolls out new security features, answers Sophos letter

Security firm calls on Facebook to step up its game

Facebook offering site-wide ‘HTTPS’ security