Symantec is talking rubbish when it claimed that a flaw on Facebook was giving personal data to advertisers.
Symantec claimed that keys which would have given advertisers access to Facebook accounts were being accidentally shipped to them. The insecurity outfit admitted that the advertisers probably did not know that Facebook had given them such powers.
However Facebook trashed the comment saying that it appreciated Symantec raising this issue and we worked with them to address it immediately But the whole thing was pretty silly. The keys expired after two hours and no private information could have been passed to third parties. Facebook added that there were contractual obligations of advertisers and developers, which prohibit them from obtaining or sharing user information in a way that violates Facebook policies.
Facebook denied there was any security scare and people should not be worried. However it has fixed that particular problem, just in case anyone was spooked.