Facebook fixes embarrassing security flaw

Facebook has rushed to fix a security flaw that allowed users to eavesdrop on the live chats of their friends and see their pending friend requests.

The exploit used the site's privacy features - intended to protect a user - to expose the personal information.

With just a few clicks users could spy on their friends' personal chat messages and see who had requested to join their network.

Facebook temporarily removed the chat facility while it fixed the flaw.

The exploit - originally reported by the blog TechCrunch - worked via an option in privacy settings that allows people to preview their profile as it would appear to their friends.

Prompt fix

But it was never intended to show others what their friends were actually doing.

"For a limited period of time, a bug permitted some users' chat messages and pending friend requests to be made visible to their friends by manipulating the 'preview my profile' feature of Facebook privacy settings," Facebook said in a statement.

"When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete," it added.

The chat function will be turned back on "shortly", it said.

"For any organisation, whether you are a social networking site or not, privacy breaches are worrying," said Candid Wueest, security expert at Symantec.

"Unfortunately, this isn't the first privacy breach of its kind to plague a social networking site - other high-profile sites have also been affected with similar problems."

He praised Facebook's quick response to the issue.

"Facebook has acted quickly in fixing the alleged flaw, whereas some social networking sites have been known to take days to fix issues reported," he said.
