Facebook Bug Leaks Birthday Data

Keep on Guard!

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.

A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a certain amount of observational skills to notice something fairly subtle like this.

A glitch in a test version of Facebook’s Web site inadvertently exposed the birthdays of Facebook’s 80 million members this week.

The bug was discovered over the weekend by Graham Cluley, a senior technology consultant at Sophos. While checking out Facebook’s new design, Cluley noticed that the birth dates of some of his privacy-obsessed acquaintances were popping up when they should have been hidden.

Facebook allows users to control who sees private information such as their birth date, which can be a valuable nugget of data for identity thieves. But Cluley discovered that the new site was making this information public to other members. “Their new profile page essentially ignored the privacy setting to withhold the data of birth,” he said.

As said, identity thieves can have a field day with the birth date, but on Facebook it’s not too much of a threat.

But as always you shouldn’t really put anything on ANY website that you don’t want other people to know about. It could get hacked, sold or like this inadvertently exposed.

“For a brief period of time, a small number of users were able to access a private beta of Facebook’s new site design meant only for developers. During that time, some of those users had their birthdays revealed due to a bug,” Facebook said Wednesday in a statement. The company could not say exactly how long this data was exposed or how many people viewed the beta site, but the bug was patched within hours of Cluley’s discovery.

Facebook may intend for the beta site to be private, but it has been open to the general public for several days. It features a new profile design that should be rolled out as an option to Facebook users some time this week.

Seems like a slip up somewhere with the development workflow, the beta site exposed to the public? The beta tree got merged with the live tree somewhere and rolled out?

I’m not exactly sure how the Facebook architecture works but I’d imagine it’s fairly complex.

Source: ComputerWorld

Posted in: Hacking News, Privacy

, , , ,

Latest Posts:

OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.

14 Responses to Facebook Bug Leaks Birthday Data

  1. Qubit July 18, 2008 at 5:17 am #

    “A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it.”

    It has happened before. When FB first released its API for developers, the program had access to everyone’s birthday even when they set otherwise in their settings.

  2. Navin July 18, 2008 at 4:02 pm #

    as mentioned, its not abt the fact tht Graham Cluley will be able to surprise all his friends by telling them their B’days….its abt the lethargic approcah tht facebook has taken towards the privacy f details of 80 million users!! BBC had come up with similar findings and explaits…….maybe you could read this


  3. Changlinn July 20, 2008 at 7:33 am #

    Thank god I have started to remove details from facebook, it really makes it a waste of time though.

  4. Nobody_Holme July 22, 2008 at 2:20 am #

    Just like to mention… the BBC did this about 3 months back. Then they blogged it, then they loled. Then facebook said “no, actually you cant do what you said you did”, then the beeb said “fail, we just did, heres some proof” then facebook said “d’oh”. (or something like that)

  5. Navin July 22, 2008 at 2:15 pm #

    @ Nobody_Holme

    the links right above Ur comment mate!!

    The BBC report was aired on the net news show “Click” for 3 whole episodes and this says a lot abt the leak.

    Simple solution……just don’t give away data that you don’t want to become public……its much more sensible than providing the data and then checking the “don’t share this with others in my network” button!!

  6. Morgan Storey August 10, 2008 at 8:04 am #

    @Navin: agreed but it is kind of sad that the net has come to this. I remember the days when you could post anything and everyone would pretty much respect your privacy. Even whois data isn’t safe a while ago someone started pranking one of my clients on her relatively new phone number, the only place we could find it was in her whois, well that has now been changed. Very sad.

  7. Navin August 10, 2008 at 10:41 am #

    ya, I still remember this TV report concerning online privacy. There was a black N white video showing a librarian who was in the national media scene coz she refused to keep a password for her library server account….she was so sure that doing this would not affect her privacy!! sheesh

    Its simple in my opinion….Instead of Giving your details and then choosing “don’t show my friends”, simply don’t provide any details at all!!

    In India, some bloggers who openly posted about politically sensitive issues, were literally hunted down and their blogs were suddenly shut down with no apparent reason…There’s very little freedom of speech…its all just in tht piece of paper we call the constitution!!

  8. lyz August 12, 2008 at 4:23 pm #

    Well with this kind of issues, they should really start working on their codes esp. with the growing number of Facebook users and the fact that most of them have a little knowledge on the technical side.

  9. Morgan Storey August 12, 2008 at 10:53 pm #

    @lyz: I am always surprised by friends and ex-collegues that have their facebook profiles open for anyone to look at, including dob and other details. Facebook needs to protect these people from themselves. Show only limited fields to any random that looks, and maybe ask for less details, saying these details aren’t required and may reduce your privacy. Though that doesn’t make good business.

  10. Morgan Storey August 16, 2008 at 9:50 am #

    @Navin: Just re-read your post, early Unix days the admins hated when AT&T put in passwords, so everyone just set there password to password, so everyone knew each others and could get in and get there work done. Times have changed so much, one day it may seem strange to post personal thoughts to a website as it is letting people in to your psyche.

  11. Navin August 16, 2008 at 4:10 pm #

    Oh yeah…privacy seems to be the keyword today…its almost like people have grown horns and a tail (I refer to the devil here incase U don’t get it!! :) ) Noone cared bout privacy earlier coz even if Ur id was hacked what would U lose??A few mails?? But now with millions of $$$ on the net, and real $$$ on the line…Privacy has certainly taken centre stage.

  12. Morgan Storey August 17, 2008 at 12:32 am #

    @Navin: very true, just interesting to see the changes. The internet is just like the real world, only a little bit behind the times. Security has not yet entered the whole common consciousness, some still “leave their door open” or just have the basic lock and key when they living in a bad a neighbourhood. The internet as a whole is a bad neighbourhood, a lot of miscreants, kids that want to get their name on a popular overpass.

    Last night I was having a discussion with a couple of non-security, non-IT, friends who had no issue with all their info being on facebook. I tried to explain that they have your name, and your DOB your identity is pretty close to forefit.

  13. Navin August 18, 2008 at 3:15 pm #

    And let me guess…they told U tht U were crazy and were reading too many hacking books….atleast tht’s wht my friends told me…they’re like ” Dude, the guys at facebook care bout our privacy!! They’ve gotten security experts working round the clock trying to protect our data”

    Ya “dude”, don’t come crying to me when Ur personal details gets stolen and misused

  14. Morgan Storey August 19, 2008 at 12:57 am #

    @Navin: yep, you are too deep into security to see the outside world they said. Besides they can only see that if I add them… but it is a leak I replied, they don’t need to add you. It is like hitting your head against a wall.