Facebook flaw exposes live chats

The flaw also allowed Facebook members to view other people's pending friend requests.

The social networking site, which has more than 400 million active users, was forced to suspend the live chat function until engineers were able to fix the problem.

The flaw was in the Facebook feature that allows users to view their own privacy settings and could be easily exploited to view others' private information, according to TechCrunch blogger Steve O'Hear, who alerted the social networking site.

Facebook said its engineers worked quickly to resolve the matter, ensuring that once the flaw was reported, a solution was found quickly and implemented.

"We also pushed out a fix to take care of the visible friend requests, which is now complete", the company said.

Candid Wueest, security expert at Symantec, commended Facebook for acting quickly to fix the problem, but said all social networking sites should review privacy settings regularly.

"Privacy settings lead people to be a little freer in the content they share on social networking sites, as it enables users to have control over who can see the content posted", he said.

"It is therefore important that all social networking sites regularly review the policies in which the privacy settings sit."

The incident comes as 15 consumer groups filed a complaint about Facebook's privacy settings with the US Federal Trade Commission (FTC).

The complaint calls on the FTC to investigate Facebook's privacy practices and force it to take steps to better guard against security breaches, according to US reports.

Earlier this month, consumer groups stepped up criticism of Facebook when the company added facilities to enable users to tell their friends about products and websites they like.

While adding those tools, Facebook altered how a user's profile information is classified and disclosed, disclosing information that users previously restricted, according to the complaint.

Facebook said the company could not comment until after it reviewed the complaint to the FTC.

This article was first published by Computer Weekly

What’s hot on Infosecurity Magazine?