Facebook bug exposes private chats

The company has patched the security hole and is working on restoring instant messaging service on its site

A bug allowed Facebook users to view their friends' chat sessions on the site, prompting the social-networking company to disable its internal instant-messaging service. The bug also let people see their friends' pending friend requests.

To exploit the now-patched hole, people had to manipulate "in a specific way" the site's feature that lets members preview how their profile looks to each of their friends, Facebook said Wednesday on its official corporate page on the site.

The vulnerability existed "for a limited amount of time," the company said. The chat function is now working again.

Technology news site TechCrunch first reported the bug and posted a video that demonstrates how the bug could be exploited.

"When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function," a Facebook spokeswoman said via e-mail.

"We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented," she added.

When asked how long the vulnerability existed, she replied: "We don't have specifics on how long the vulnerability existed, but it was for a short period of time."

The bug comes at a time when privacy concerns regarding Facebook have heated up, after the company recently introduced features that allow third-party Web sites to tap into users' profile data to personalize their experience for them.

Two weeks ago, Facebook announced it had revamped its application development platform so that its site and external sites can mesh their users' "social graphs" to individually customize their interaction with them.

"People can have instantly social and personalized experiences everywhere they go," said Mark Zuckerberg, Facebook's CEO.

Key to this vision is Facebook's Open Graph API (application programming interface) and Open Graph Protocol, a system to mark up objects in a uniform way so that Facebook and participating sites can understand them the same way.

Facebook also released plug-ins that let developers easily incorporate Facebook functionality into their Web pages, such as the already widespread "Like" button, which lets end-users express interest in content and inform participating Web sites.

Facebook's site has become a highly complex technology operation serving a massive number of users, which increases the likelihood of breakdowns, so the company must be increasingly vigilant about preventing and fixing bugs and malfunctions, said Augie Ray, a Forrester Research analyst.

As Facebook grows in size and importance, with hundreds of millions of people using it to store and share very personal information, the stakes are sky-high whenever a bug causes a security or privacy breach, he said in a phone interview.

Not only can these incidents erode the trust end-users and advertising partners have in Facebook, but they also put the company at risk of civil lawsuits and government penalties, Ray said.

"Today's incident doesn't seem like an overwhelmingly substantial security breach, but it is serious enough to raise questions on the minds of end-users as to how much they can trust Facebook with their information," he said.

"Facebook must make sure incidents like this one don't accumulate to the extent they become a bigger legal or trust issue," Ray added.

Once Facebook concludes its internal investigation of what went wrong and why, it would be in its best interest to provide more information about its findings, because transparency will help repair confidence among users and partners, he said.

Altimeter Group analyst Jeremiah Owyang predicts incidents like this will happen again. "Don't expect this to be the last privacy mishap. As more users flock to Facebook, it'll continue to innovate and change features in order to grow," he said via e-mail. "Most consumers don't give privacy a hard think until it impacts their lives directly."


Juan Carlos Perez

IDG News Service