Facebook hack steamrollers privacy settings

The hack - reported on the FBHive blog towards the start of June - allowed anyone with knowledge of the flaw to bypass users' security settings and view their private information, no matter what their privacy settings.

Apparently frustrated that their warnings were going unheeded, FBHive 'went public' with broad details of the flaw on Monday morning. The problem was then reportedly fixed by Facebook later in the day.

"We here at FBHive are fans of Facebook, but when a security hole as big as this is discovered and brought to their attention, it shouldn't take 15 days to fix," said the blog.

As proof of their exploits, the two bloggers behind FBHive posted profile information for Facebook founder Mark Zuckerberg, Digg founder Kevin Rose and Boing Boing's editor Cory Doctorow.

Because of the complexity of Facebook's portal software, and the numerous code hooks (APIs) that exist in the portal's application source code, the site has been hit with several security problems.

Last year, for example, a security vulnerability allowed Facebook users to view other users' private photos through the mobile phone version of the site.

 
