A Facebook Security Flaw Enabled Users to View Their Friends’ Live Chats
Yesterday I joked that we had a new anti-Facebook story every day but, well, it’s barely a joke at this point. For any of you who noticed that the Facebook chat function was down this morning, it’s because someone figured out that a flaw in Facebook’s privacy settings would enable you to view the live chats of your friends. Oops, that’s not good.
The guys who discovered the flaw tipped off TechCrunch and made a video of themselves using the exploit. Basically, the way it worked was that users who employed the privacy function to see what their profile looks like to another user could then go into that other user’s chats. If this function was originally created to help people hide information from certain people, then this was a pretty enormous backfire.
TechCrunch posted about the flaw and was soon sent a response from Facebook:
“For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the “preview my profile” feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.”
So at least they fixed it quickly but, really, this is another sign that we probably should think twice about trusting Facebook with all of our information. However, we know that the vast majority of people aren’t ever going to hear these unsettling stories, and those who do probably aren’t going to give up their precious Facebook. We can only hope, then, that this heightened scrutiny will show the company that the tech community is holding them to a higher standard, and that this will eventually lead to fewer and fewer little boo boos like the one today.
(Check out the original TechCrunch post with the video of the exploit)