Facebook loophole reveals names, pictures with sign-on errors

Summary:A bug in the way Facebook handles mis-entered passwords unwittingly exposes full names and profile photos of its users.

It looks like there's yet another little bug that compromises the privacy of Facebook users--all 500 million of them--and it doesn't matter how a user has set the account's privacy settings.

The bug can be found in the error page that comes when a user attempts to sign in but types in the wrong password. The system automatically populates the error page with that user's first and last names, along with the profile picture, and gives the user the chance to re-enter the password.

Now, that's kind of helpful--not can't-live-without-it helpful--but still a nice feature for the user. But what if you type in someone else's e-mail address with the wrong password? Yup, you guessed it: full name and a profile pic for that person.

Read more of "Facebook loophole reveals names, pictures with sign-on errors" at ZDNet.com.

Topics: CXO, Browser, Data Management, IT Employment, Legal, Networking, Privacy, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.