IDG News Service - A bug allowed Facebook users to view their friends' chat sessions on the site, prompting the social-networking company to disable its internal instant-messaging service. The bug also let people see their friends' pending friend requests.
To exploit the now-patched hole, people had to manipulate "in a specific way" the site's feature that lets members preview how their profile looks to each of their friends, Facebook said Wednesday on its official corporate page on the site.
The vulnerability existed "for a limited amount of time," the company said. The chat function is now working again.
Technology news site TechCrunch first reported the bug and posted a video that demonstrates how the bug could be exploited.
"When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function," a Facebook spokeswoman said via e-mail.
"We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented," she added.
When asked how long the vulnerability existed, she replied: "We don't have specifics on how long the vulnerability existed, but it was for a short period of time."
John Simpson, an official with Consumer Watchdog, was displeased with the incident. "Once again we see what happens when companies push the technological envelope with little concern for consumers' privacy rights," he said via e-mail.
The bug reinforces the Electronic Frontier Foundation's blanket recommendation for users on Facebook, said Peter Eckersley, an EFF senior staff technologist.
"What you don't want the world to know about, don't put it on Facebook," he said in a phone interview.
"Facebook's security engineering is improving, but it's still not good enough that we'd ever advise people to put private, sensitive information there," Eckersley said.
The bug comes at a time when privacy concerns regarding Facebook have heated up, after the company recently introduced features that allow third-party Web sites to tap into users' profile data to personalize their experience for them.
Two weeks ago, Facebook announced it had revamped its application development platform so that its site and external sites can mesh their users' "social graphs" to individually customize their interaction with them.
"People can have instantly social and personalized experiences everywhere they go," said Mark Zuckerberg, Facebook's CEO.
Key to this vision is Facebook's Open Graph API (application programming interface) and Open Graph Protocol, a system to mark up objects in a uniform way so that Facebook and participating sites can understand them the same way.
Facebook also released plug-ins for developers to easily incorporate on their Web pages Facebook functionality, such as the already widespread "Like" button, which lets end-users express interest in content and inform participating Web sites.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts