Latest Facebook flaw enables users to spy bigtime


Some Facebook users shared their thoughts with far more people than they’d expected because of a glitch that shared individual “chat” messages with whole groups of friends for a short time Wednesday.

Facebook was forced to disable its live chat service temporarily yesterday, after a security flaw was discovered that put users’ privacy at risk. The offending bug allowed users to snoop on their friends’ live chat and see the full profiles of pending friend requests.

The issue was first reported by the technology news site TechCrunch who posted a video describing how the privacy bug could be exploited by some users to expose the personal information of other users.

All one needed to do to spy on their friends’ personal chat messages and see who requested to join their network, was use the site’s privacy setting to expose the personal information.

Facebook explained the shutdown on its own page: “Because of the bug, people could view friends’ chat messages and friend requests for a limited amount of time if they manipulated the ‘preview my profile’ feature in a specific way. We’ve fixed that issue.”

“We also pushed out a fix to take care of the visible friend requests which is now complete,” it stated, adding that the chat function will be turned back on shortly.

Candid Wueest, security expert at Symantec, said that it is a matter of concern when an organisation is not able to provide security.

“For any organisation, whether you are a social networking site or not, privacy breaches are worrying,” Wueest said.

“Unfortunately, this isn’t the first privacy breach of its kind to plague a social networking site – other high-profile sites have also been affected with similar problems,” he revealed.

But he also praised Facebook’s quick response to the issue.

“Facebook has acted quickly in fixing the alleged flaw, whereas some social networking sites have been known to take days to fix issues reported,” he added.

Leave a Reply

Your email address will not be published. Required fields are marked *