Facebook fixes embarrassing security flaw

Facebook logo reflected in an eye Facebook privacy is once again under scrutiny

Related Stories

Facebook has rushed to fix a security flaw that allowed users to eavesdrop on the live chats of their friends and see their pending friend requests.

The exploit used the site's privacy features - intended to protect a user - to expose the personal information.

With just a few clicks users could spy on their friends' personal chat messages and see who had requested to join their network.

Facebook temporarily removed the chat facility while it fixed the flaw.

The exploit - originally reported by the blog TechCrunch - worked via an option in privacy settings that allows people to preview their profiles as it would appear to their friends.

Prompt fix

But it was never intended to show others what their friends were actually doing.

"For a limited period of time, a bug permitted some users' chat messages and pending friend requests to be made visible to their friends by manipulating the 'preview my profile' feature of Facebook privacy settings," Facebook said in a statement.

"When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete," it added.

The chat function will be turned back on "shortly" it said.

"For any organisation, whether you are a social networking site or not, privacy breaches are worrying," said Candid Wueest, security expert at Symantec.

"Unfortunately, this isn't the first privacy breach of its kind to plague a social networking site - other high-profile sites have also been affected with similar problems."

He praised Facebook's quick response to the issue.

"Facebook has acted quickly in fixing the alleged flaw, whereas some social networking sites have been known to take days to fix issues reported," he said.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • NS Savannah, 1962Nuclear dream

    The ship that totally failed to change the world


  • Irvine WelshScots missed

    Five famous Scots who can't vote in the Scottish referendum


  • Balloons flying upUp, up and away

    Why the ever rising pound is not all good news


  • Espresso cup7 days quiz

    Which city serves the strongest cup of coffee?


  • Jean-Luc CourcoultGiant strides

    The enigmatic Frenchman behind Liverpool's 25ft grandmother


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.