Saturday, May 8, 2010

Facebook took chat feature offline to plug gaping privacy hole

If you've been wondering why Facebook chat was mysteriously "down for maintenance" during normally high-usage hours, it's because they were alerted to a pretty serious security hole in their privacy settings.


The hole made possible what can only be called one of the easiest exploits in recent memory: any Facebook user could see his or her friends' live chats and pending friend requests just by typing their names into the site's built-in privacy preview page.


Facebook's reaction:

"For a limited period of time, a bug permitted some users' chat messages and pending friend requests to be made visible to their friends by manipulating the 'preview my profile' feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented."


