Sometimes a little publicity doesn’t hurt. Case in point is the Facebook security issue publicized today on the FBHive blog.
Fifteen days ago, the authors of the FBHive blog pulled Facebook’s coat to point out a security hole that could be exploited to reveal private information. They say it “received little attention.” So it was that on June 22 they decided to go public with their findings. That same day, Facebook stepped in and swatted the bug.
“We here at FBHive are fans of Facebook, but when a security hole as big as this is discovered and brought to their attention, it shouldn’t take 15 days to fix,” according to the blog.
The duo that runs FBHive did not provide details of the exploit or what the vulnerability was. But what is clear is that the bug allows hackers to sneak their way past the cyber-security guards protecting information on the site and get a peek at private profiles. This even goes for profiles that are completely hidden.
As proof of their exploit, the bloggers posted profile information for Facebook founder Mark Zuckerberg, Digg founder Kevin Rose and Boing Boing Co-editor Cory Doctorow.
“With a simple hack, everything listed in a person’s ‘Basic Information’ section can be viewed, no matter what their privacy settings are,” according to the blog. “This information includes networks, sex, birthday, hometown, siblings, parents, relationship status, interested in, looking for, political views and religious views.”
Facebook has touted its security features in the past, but problems with phishing, malware and general vulnerabilities have reared their ugly heads more than once. In 2008, for example, a vulnerability allowed Facebook users to view other people’s private photos through the mobile version of the site.
Back at FBHive, the authors promise more information to come. In the meantime, at least there is one less bug buzzing around.