Another Facebook Hole?
(Update: Facebook have confirmed the flaw—although it’s not as serious as it looks—and have fixed it. See comments.)
The complexity of Facebook makes it likely there are holes in its privacy. But this one, if I’m right, seems to suggest that it’s possible to access someone’s private data by a social engineering trick outside Facebook.
Today I received an email invite to join Facebook from someone I’ve never heard of. Weird, firstly, because this was not someone I think I’d have known. Weird, also, because I’m already on Facebook.
Just to make sure, I clicked on the link to sign up for Facebook and took the option there to sign in with my existing account.
That took me to my usual Facebook page. No more mention of the dude wanting to be my friend. At no point was I given any option to let this person into my life or not.
So I Googled the guy’s name and, lo and behold, I find I’m already on his list of friends.
Slightly freaked out, I went back to my account to see if this person was included in my list of friends. He wasn’t.
In other words, this guy can now see all my account details, and I can’t see his. Moreover, at no point have I accepted anything. All I’ve done is click on a link that said: To sign up for Facebook, follow the link below.
What I guess has happened is what happens if you click on the profile of someone who is not a friend but has sent you a message, or asked you to be a friend. In either case, I believe, that person then gets a week’s access to your profile.
I think this is dumb. But I think it’s dangerous that anyone can email me and, if I then click on a link to check out who they are, I now cede access to my information without being able to block it, or to access his Facebook profile to see what kind of person can now access my data.
16. January 2009 by jeremy
Categories: Networks, Privacy, Scams, Security | Tags: Blog hosting services, Criticism of Facebook, Facebook, Facebook features, Facebook Inc, Social information processing | 6 comments