
Major Facebook Security Flaw Makes Private Chats and Requests Public

Facebook suffered a major lapse in security this morning when it was discovered that private chats and requests could be seen by anybody, adding fuel to the rapidly growing fire of concern over Facebook’s questionable ability to provide adequate privacy.


This morning, Facebook users discovered that by using the “Preview My Profile” option, a user’s private chats and requests became visible. In the words of TechCrunch, the original reporter of the story:

Today I was tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their ‘friends’. Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information.

Facebook reacted quickly, immediately disabling the entire Facebook Chat function and issuing a fix for the problem of visible friend requests. But this is just another in a seemingly endless line of gaffes that have some questioning Facebook’s commitment to privacy. Dan Yoder’s recent “10 Reasons Why You Should Quit Facebook” includes frequently heard arguments (some reasonable, some not) that have become almost a refrain when talking about Facebook. The social network is currently under Congressional investigation, and its decision to “pre-approve” certain partners for access to user data has raised ire–and that’s only in the past few weeks.

Facebook can’t afford major mistakes like this. Their official response, as expected, downplays the importance and severity of the security lapse:

For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the ‘preview my profile’ feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests, which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.

Mostly, users don’t want to think about security, and will ignore potential problems that remain under the surface. But if Facebook keeps insisting on screwing up, loudly, in public, they’re going to start to lose users.

Dan Nosowitz, the author of this post, can be followed on Twitter, corresponded with via email, and stalked in San Francisco (no link for that one–you’ll have to do the legwork yourself).


About the author

Dan Nosowitz is a freelance writer and editor who has written for Popular Science, The Awl, Gizmodo, Fast Company, BuzzFeed, and elsewhere. He holds an undergraduate degree from McGill University and currently lives in Brooklyn, because he has a beard and glasses and that's the law.
