Facebook Bug Leaks Birthday Data

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.

A small slip in coding could cause much worse problems than this, plus this could have happened before without anyone picking up on it. It takes a certain amount of observational skill to notice something as subtle as this.

A glitch in a test version of Facebook’s Web site inadvertently exposed the birthdays of Facebook’s 80 million members this week.

The bug was discovered over the weekend by Graham Cluley, a senior technology consultant at Sophos. While checking out Facebook’s new design, Cluley noticed that the birth dates of some of his privacy-obsessed acquaintances were popping up when they should have been hidden.

Facebook allows users to control who sees private information such as their birth date, which can be a valuable nugget of data for identity thieves. But Cluley discovered that the new site was making this information public to other members. “Their new profile page essentially ignored the privacy setting to withhold the date of birth,” he said.

As said, identity thieves can have a field day with the birth date, but on Facebook it’s not too much of a threat.

But as always, you shouldn’t really put anything on ANY website that you don’t want other people to know about. It could get hacked, sold or, like this, inadvertently exposed.

“For a brief period of time, a small number of users were able to access a private beta of Facebook’s new site design meant only for developers. During that time, some of those users had their birthdays revealed due to a bug,” Facebook said Wednesday in a statement. The company could not say exactly how long this data was exposed or how many people viewed the beta site, but the bug was patched within hours of Cluley’s discovery.

Facebook may intend for the beta site to be private, but it has been open to the general public for several days. It features a new profile design that should be rolled out as an option to Facebook users some time this week.

Seems like a slip-up somewhere in the development workflow: was the beta site exposed to the public? Did the beta tree get merged with the live tree somewhere and rolled out?

I’m not exactly sure how the Facebook architecture works but I’d imagine it’s fairly complex.

Source: ComputerWorld

Posted in: Hacking News, Privacy

14 Responses to Facebook Bug Leaks Birthday Data

  1. Qubit July 18, 2008 at 5:17 am #

    “A small slip in coding could cause much worse problems than this, plus this could have happened before but no one picked up on it.”

    It has happened before. When FB first released its API for developers, the program had access to everyone’s birthday even when they set otherwise in their settings.

  2. Navin July 18, 2008 at 4:02 pm #

    as mentioned, its not abt the fact tht Graham Cluley will be able to surprise all his friends by telling them their B’days….its abt the lethargic approach tht facebook has taken towards the privacy of details of 80 million users!! BBC had come up with similar findings and exploits…….maybe you could read this


  3. Changlinn July 20, 2008 at 7:33 am #

    Thank god I have started to remove details from facebook, it really makes it a waste of time though.

  4. Nobody_Holme July 22, 2008 at 2:20 am #

    Just like to mention… the BBC did this about 3 months back. Then they blogged it, then they loled. Then facebook said “no, actually you can’t do what you said you did”, then the beeb said “fail, we just did, here’s some proof” then facebook said “d’oh”. (or something like that)

  5. Navin July 22, 2008 at 2:15 pm #

    @ Nobody_Holme

    the links right above Ur comment mate!!

    The BBC report was aired on the net news show “Click” for 3 whole episodes and this says a lot abt the leak.

    Simple solution……just don’t give away data that you don’t want to become public……its much more sensible than providing the data and then checking the “don’t share this with others in my network” button!!

  6. Morgan Storey August 10, 2008 at 8:04 am #

    @Navin: agreed, but it is kind of sad that the net has come to this. I remember the days when you could post anything and everyone would pretty much respect your privacy. Even whois data isn’t safe; a while ago someone started pranking one of my clients on her relatively new phone number, the only place we could find it was in her whois, well that has now been changed. Very sad.

  7. Navin August 10, 2008 at 10:41 am #

    ya, I still remember this TV report concerning online privacy. There was a black N white video showing a librarian who was in the national media scene coz she refused to keep a password for her library server account….she was so sure that doing this would not affect her privacy!! sheesh

    Its simple in my opinion….Instead of Giving your details and then choosing “don’t show my friends”, simply don’t provide any details at all!!

    In India, some bloggers who openly posted about politically sensitive issues, were literally hunted down and their blogs were suddenly shut down with no apparent reason…There’s very little freedom of speech…its all just in tht piece of paper we call the constitution!!

  8. lyz August 12, 2008 at 4:23 pm #

    Well with this kind of issues, they should really start working on their codes esp. with the growing number of Facebook users and the fact that most of them have a little knowledge on the technical side.

  9. Morgan Storey August 12, 2008 at 10:53 pm #

    @lyz: I am always surprised by friends and ex-colleagues that have their facebook profiles open for anyone to look at, including dob and other details. Facebook needs to protect these people from themselves. Show only limited fields to any random that looks, and maybe ask for less details, saying these details aren’t required and may reduce your privacy. Though that doesn’t make good business.

  10. Morgan Storey August 16, 2008 at 9:50 am #

    @Navin: Just re-read your post, early Unix days the admins hated when AT&T put in passwords, so everyone just set their password to password, so everyone knew each others and could get in and get their work done. Times have changed so much, one day it may seem strange to post personal thoughts to a website as it is letting people in to your psyche.

  11. Navin August 16, 2008 at 4:10 pm #

    Oh yeah…privacy seems to be the keyword today…its almost like people have grown horns and a tail (I refer to the devil here in case U don’t get it!! :) ) No one cared bout privacy earlier coz even if Ur id was hacked what would U lose?? A few mails?? But now with millions of $$$ on the net, and real $$$ on the line…Privacy has certainly taken centre stage.

  12. Morgan Storey August 17, 2008 at 12:32 am #

    @Navin: very true, just interesting to see the changes. The internet is just like the real world, only a little bit behind the times. Security has not yet entered the whole common consciousness, some still “leave their door open” or just have the basic lock and key when they are living in a bad neighbourhood. The internet as a whole is a bad neighbourhood, a lot of miscreants, kids that want to get their name on a popular overpass.

    Last night I was having a discussion with a couple of non-security, non-IT, friends who had no issue with all their info being on facebook. I tried to explain that they have your name, and your DOB your identity is pretty close to forfeit.

  13. Navin August 18, 2008 at 3:15 pm #

    And let me guess…they told U tht U were crazy and were reading too many hacking books….at least tht’s wht my friends told me…they’re like “Dude, the guys at facebook care bout our privacy!! They’ve gotten security experts working round the clock trying to protect our data”

    Ya “dude”, don’t come crying to me when Ur personal details gets stolen and misused

  14. Morgan Storey August 19, 2008 at 12:57 am #

    @Navin: yep, you are too deep into security to see the outside world they said. Besides they can only see that if I add them… but it is a leak I replied, they don’t need to add you. It is like hitting your head against a wall.