Facebook has fixed a bug that exposed instant messages and pending friend requests.

The bug prompted the social networking site to briefly take its chat function offline on 5 May. According to Facebook, the flaw existed in a feature that allows users to see how their profile appears to others—a design feature meant to improve privacy.

With the bug, however, it was possible for users to see their friends’ live chats and pending friend requests. According to Facebook, this could be accomplished by “manipulating the ‘preview my profile’ feature.”

Quick fix

A Facebook spokesperson continued, “When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests, which is now complete. Chat is now back up and running.”

Facebook said the effects of the bug existed for a “limited amount of time,” but did not elaborate. Facebook has taken some hits over privacy issues from politicians and consumer advocates in recent weeks. In addition, a survey released earlier the week of May 3 showed many people are not using the privacy controls of Facebook and other social networking sites extensively.

“Unfortunately, this isn’t the first privacy breach of its kind to plague a social networking site – other high profile sites have also been affected with similar problems,” said Candid Wueest, Security expert at Symantec. “We must note that once the breach had become public Facebook has acted quickly in fixing the alleged flaw, whereas some social networking sites have been known to take days to fix issues reported.

“Privacy settings lead people to be a little freer in the content they share on social networking sites, as it enables users to have control over who can see the content posted,” he added. “It is therefore important that all social networking sites regularly review the policies in which the privacy settings sit.”

A video demonstrating the vulnerability that exposed user chats can be found here on TechCrunch.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
Tags: Facebook

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

1 day ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

1 day ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

1 day ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

1 day ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

1 day ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

1 day ago