Facebook Swats Bug Exposing User Chats

Facebook reports it has plugged a security hole that compromised user privacy by exposing live chat sessions as well as pending friend requests.

Facebook has fixed a bug that exposed instant messages and pending friend requests.

The bug prompted the social networking site to briefly take its chat function offline May 5. According to Facebook, the flaw existed in a feature that allows users to see how their profile appears to others-a design feature meant to improve privacy.

With the bug, however, it was possible for users to see their friends' live chats and pending friend requests. According to Facebook, this could be accomplished by "manipulating the 'preview my profile' feature."

A Facebook spokesperson continued, "When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests, which is now complete. Chat is now back up and running."

Facebook said the effects of the bug existed for a "limited amount of time," but did not elaborate. Facebook has taken some hits over privacy issues from politicians and consumer advocates in recent weeks. In addition, a survey released earlier the week of May 3 showed many people are not using the privacy controls of Facebook and other social networking sites extensively.

A video demonstrating the vulnerability that exposed user chats can be found here on TechCrunch.