Facebook site flaw exposes live chat sessions, user data

The problems with security and privacy on Facebook hit a new gear today with news that a site vulnerability exposed live chat sessions and other private user data.

According to a TechCrunch Europe report, the gaping security hole on the Facebook site allowed any user to view the live chats of their ‘friends’ with just a few mouse clicks.

From the article:

Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information...

...The irony is that the exploit is enabled by the way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit.

TechCrunch reported the issue to Facebook and the company pulled the live chat feature offline for what was described as "maintenance."

This YouTube video provides a glimpse of the severity of the problem:

On the site, Facebook offered a ho-hum response to the issue:

Chat is unavailable as we work quickly to fix a bug reported to us. It should return to normal soon. Because of the bug, people could view friends’ chat messages and friend requests for a limited amount of time if they manipulated the “preview my profile” feature in a specific way. We’ve fixed that issue and took down Chat as soon as we became aware of it. We apologize for the inconvenience.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
