Facebook has dealt with a bug in its login page that potentially exposed users' names and photos to phishers and spammers.
The company said on Tuesday that the hole had been closed, almost a week after it was exposed by a security researcher. "We have technical systems in place to prevent people's names and profile photos from showing to unrelated users upon login, but a recently-introduced bug temporarily prevented these from working as intended," Facebook said in a statement. "We remedied the situation swiftly."
The bug was revealed on the Full Disclosure mailing list on 11 August by security researcher Atul Agarwal, who noticed that entering an email address on the Facebook login page would return the username and photo associated with the address, even without a valid password. The bug was on the login page for an appreciable amount of time, said the researcher.
For more of this story, read Facebook patches photo and name-scraping flaw on ZDNet UK.