Facebook site flaw exposes live chat sessions, user data

The problems with security and privacy on Facebook hit a new gear today with news that a site vulnerability exposed live chat sessions and other private user data.

According to a TechCrunch Europe report, the gaping security hole on the Facebook site allowed any user to view the live chats of their ‘friends’ with just a few mouse clicks.

From the article:

Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information...

...The irony is that the exploit is enabled by the way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit.

TechCrunch reported the issue to Facebook and the company pulled the live chat feature offline for what was described as "maintenance."

This YouTube video provides a glimpse of the severity of the problem:

On the site, Facebook offered a ho-hum response to the issue:

Chat is unavailable as we work quickly to fix a bug reported to us. It should return to normal soon. Because of the bug, people could view friends’ chat messages and friend requests for a limited amount of time if they manipulated the “preview my profile” feature in a specific way. We’ve fixed that issue and took down Chat as soon as we became aware of it. We apologize for the inconvenience.


Talkback

17 comments
  • RE: Facebook site flaw exposes live chat sessions, user data

    Quick, we must make all our Windows sessions virtualized to avoid this problem even if it is a server side issue!
    Loverock Davidson
    • That would indeed be a very wise move to take.

      I can't see how that relates to facebook but that move would undoubtedly benefit the whole Web in general and windows users in particular.

      By virtualizing windows you have a higher chance of successfully combating malware such as conficker which is the largest cloud provider (http://www.readwriteweb.com/cloud/2010/04/the-largest-cloud-in-the-world.php) in the world by far.

      Successful malware such as Conficker put a huge stress on the Web infrastructure. The virtualization of windows would certainly greatly help stop its spreading and day to day operation.
      OS Reload
      • RE: Facebook site flaw exposes live chat sessions, user data

        @OS Reload
        "I can't see how that relates to facebook"

        Neither can I but that is what one ZDNet blogger actually did. When pointing out the error of his ways he whined and cried, convinced it was the only solution.
        Loverock Davidson
    • RE: Facebook site flaw exposes live chat sessions, user data

      @Loverock Davidson No. Not THAT problem. But no doubt a nice bunch of OTHER problems.

      Doesn't seem like an "all or none" thing. If it solves half the security problems which exist, that's still a lot of grief avoided.
      Snark Shark
  • RE: Facebook site flaw exposes live chat sessions, user data

    The Facebook drug. Causes people to give away everything about their life while giving nothing in return.
    Tholian_53
    • RE: Facebook site flaw exposes live chat sessions, user data

      @Tholian_53

      lol Just call it "Crackbook"... the internet's drug of choice ;)
      TheTess
  • RE: Facebook site flaw exposes live chat sessions, user data

    What is ho-hum about that? They explained the problem and that they are working on it. Should they have included a picture of their support people being set on fire? What would appease you?
    tiderulz
    • RE: Facebook site flaw exposes live chat sessions, user data

      @tiderulz Absolutely! Shoot the manager, send everyone else to Siberia naked, close the operation down, empty the databases, sell the furniture and hardware, level the building, etc., etc. Maybe THEN they'll stop with all these stoopid misteaks.
      materva
    • RE: Facebook site flaw exposes live chat sessions, user data

      @tiderulz
      MarkBult
  • Tiderulz

    No. They should have posted a video on YouTube of their support people being set on fire. That way, we could have watched them as they ran around and stuff.
    Madeleine01
  • It's not an exploit, it's a feature

    It's not an exploit, it's a feature.
    Stan57
    • RE: Facebook site flaw exposes live chat sessions, user data

      @Stan57

      A feature for stalkers?
      TheTess
  • RE: Facebook site flaw exposes live chat sessions, user data

    To me it's really quite simple: Anything posted to a "public" type website - including Facebook - is NOT private. Just assume the world can access that information and choose what you post accordingly.
    bobabrahams
  • RE: Facebook site flaw exposes live chat sessions, user data

    Another reason why I don't use Facebook! :-)
    Gis Bun