Facebook Messaging Glitch Raises Fresh Privacy Concerns

Social networking behemoth Facebook reported a glitch in a software update that caused users' private messages to land in the wrong in-boxes, stoking new fears over the site's security.

The ubiquitous social networking site Facebook says a technical glitch resulted in the Website temporarily sending private messages to the wrong users' inboxes.

A Facebook spokesperson released a statement via e-mail acknowledging the problem and explained that while the problem was being fixed, the affected users were not able to access the site. "During our regular code push yesterday evening, a bug caused some misrouting to a small number of users for a short period of time," the statement read. "Our engineers diagnosed the problem moments after it began and worked diligently to get everything back in its rightful place."

The statement did not include specifics on how widespread the problem was or how long it took the company to fix the hiccup.

The incident puts Facebook back in the security spotlight as questions are again raised regarding the level of security and privacy of its users' accounts. In November 2009, researchers at Symantec found a Trojan that uses Facebook to communicate with a command and control server. The malware works by contacting the mobile version of Facebook and using its Notes section.

Increasing scrutiny led to the adoption of updated privacy controls in December 2009, again drawing a mix of criticism and support. These features include the ability to control who sees what piece of content on a user's page, a Transition Tool and simplified privacy settings. Facebook also rolled out a Publisher Privacy Control, which enables users to select a privacy setting for every post they make at the time they create it. In addition, the company eliminated regional networks in favor of four basic control settings-friends, friends of friends, everyone and customized.

As social networking sites like Facebook, LinkedIn and Twitter continue to grow in popularity, there is a fear in the business community that their security is being threatened. Earlier this month, IT security and data protection firm Sophos released the results of a survey indicating an "alarming rise" in attacks on users of social networks. Sophos surveyed more than 500 organizations, and discovered 72 percent are concerned employee behavior on social networking sites exposes their businesses to danger and puts corporate infrastructure-and the sensitive data stored on it-at risk.

Facebook was the most feared of all, with 60 percent naming the network-by far the largest, with 350 million users-as posing the greatest security risk. The company's Threat Report also reveals that 49 percent of firms allow all their staff unfettered access to Facebook, a 13 percent rise from a year ago.

"The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," said Sophos Senior Technology Consultant Graham Cluley. "However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them but to apply some 'social security' instead."