Facebook has plugged a security hole that exposed users’ live chat sessions and pending friend requests
Facebook has fixed a bug that exposed instant messages and pending friend requests.
The bug prompted the social networking site to briefly take its chat function offline on 5 May. According to Facebook, the flaw existed in a feature that allows users to see how their profile appears to others—a design feature meant to improve privacy.
With the bug, however, it was possible for users to see their friends’ live chats and pending friend requests. According to Facebook, this could be accomplished by “manipulating the ‘preview my profile’ feature.”
A Facebook spokesperson continued, “When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests, which is now complete. Chat is now back up and running.”
Facebook said the effects of the bug existed for a “limited amount of time,” but did not elaborate. Facebook has taken some hits over privacy issues from politicians and consumer advocates in recent weeks. In addition, a survey released earlier the week of May 3 showed many people are not using the privacy controls of Facebook and other social networking sites extensively.
“Unfortunately, this isn’t the first privacy breach of its kind to plague a social networking site – other high profile sites have also been affected with similar problems,” said Candid Wueest, Security expert at Symantec. “We must note that once the breach had become public Facebook has acted quickly in fixing the alleged flaw, whereas some social networking sites have been known to take days to fix issues reported.
“Privacy settings lead people to be a little freer in the content they share on social networking sites, as it enables users to have control over who can see the content posted,” he added. “It is therefore important that all social networking sites regularly review the policies in which the privacy settings sit.”
A video demonstrating the vulnerability that exposed user chats can be found here on TechCrunch.