It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.
A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a certain amount of observational skills to notice something fairly subtle like this.
A glitch in a test version of Facebook’s Web site inadvertently exposed the birthdays of Facebook’s 80 million members this week.
The bug was discovered over the weekend by Graham Cluley, a senior technology consultant at Sophos. While checking out Facebook’s new design, Cluley noticed that the birth dates of some of his privacy-obsessed acquaintances were popping up when they should have been hidden.
Facebook allows users to control who sees private information such as their birth date, which can be a valuable nugget of data for identity thieves. But Cluley discovered that the new site was making this information public to other members. “Their new profile page essentially ignored the privacy setting to withhold the data of birth,” he said.
As said, identity thieves can have a field day with the birth date, but on Facebook it’s not too much of a threat.
But as always you shouldn’t really put anything on ANY website that you don’t want other people to know about. It could get hacked, sold or like this inadvertently exposed.
“For a brief period of time, a small number of users were able to access a private beta of Facebook’s new site design meant only for developers. During that time, some of those users had their birthdays revealed due to a bug,” Facebook said Wednesday in a statement. The company could not say exactly how long this data was exposed or how many people viewed the beta site, but the bug was patched within hours of Cluley’s discovery.
Facebook may intend for the beta site to be private, but it has been open to the general public for several days. It features a new profile design that should be rolled out as an option to Facebook users some time this week.
Seems like a slip up somewhere with the development workflow, the beta site exposed to the public? The beta tree got merged with the live tree somewhere and rolled out?
I’m not exactly sure how the Facebook architecture works but I’d imagine it’s fairly complex.
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool
- Yes – We Now Have A Facebook Page – So Please Like It!
- FBController – The Ultimate Utility to Control Facebook Accounts
- Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit
Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,137,284 views
- Hack Tools/Exploits - 581,163 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 414,147 views