Facebook Fixes Privacy Issue – Full Disclosure of User Information

On August 11, 2010, a researcher post information about a bug in Facebook’s login process that revealed the full name, email address and profile picture of all 500 plus million Facebook account holders regardless of your privacy setting. The bug has recently been repaired by Facebook, but posed enormous privacy threat for Facebook users prior to the fix being implemented.

The issue stemmed from how Facebook assist the user when they attempt to login after an unsuccessful attempt. Facebook returns a special “Please re-enter your password” page, which includes the Facebook photo and full name of the person associated with their email address.  This information can be used by hackers to obtain proper information about Facebook user and can be scripted to automate the process.

What made it more interesting this bug allowed anyone, even those without an account, to obtain this information about Facebook users.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.