The social networking sites had both been overgenerous in giving out access rights to their servers As a result, Flash applets hosted on a malicious website would have been able to read all Facebook data for, or write messages apparently originating from, visitors to the malicious site