Facebook security flaw enabled users to view friends' live chats

by certifiedbug on May 5, 2010

Steve O’Hear at TechCrunch received a tip about a major security flaw on Facebook which enabled any user to view the live chats of their ‘friends’ and access their friends’ latest pending friend-requests.

The irony is that the exploit is enabled by the way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit.

Facebook was informed about this exploit and sent this statement:

For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the “preview my profile” feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.

http://eu.techcrunch.com/2010/05/05/video-major-facebook-security-hole-lets-you-view-your-friends-live-chats/
