Facebook Login Loophole Reveals User Names and Profile Pictures

The bug was first flagged by Atul Agarwal, security researcher and CEO of Secfence Technologies. Agarwal apparently noticed the glitch after trying to log on to his account with an incorrect password. In a subsequent e-mail posted to the Full Disclosure mailing list, the researcher described how the loophole could be manipulated to harvest user data, and even came up with a proof-of-concept script to demonstrate how it could be done. Not long after Agarwal posted his explanation, another mailing list user named Javier Bassi noted that, even if a user types in an invalid e-mail address, Facebook's system will automatically suggest a valid profile picture, user name and e-mail address similar to the incorrect address first entered.
Shortly after InformationWeek broke the story, Facebook responded with a statement reassuring users that the site's engineers are cooking up a solution. "We have technical systems in place to prevent people's names and photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended," the statement reads. "We are already working on a fix and expect to remedy the situation shortly." Granted, the bug may not reveal your most valuable, highly protected information, but, at a time when many users are growing wary of the site's privacy protection, it's good to know that Facebook is doing its best to patch the hole. [From: CNET and InformationWeek]
Comments
29
Lisa - Aug 12th 2010 3:21PM
LOL...for all of you who keep saying others should join Facebook and post all kinds of personal stuff on that site, how do you like it now!?
Why have people not figured out that once you put something on the internet, even if it is "private", there is a big chance that someone can and will be able to get that information and it will either cause you immediate problems or haunt you down the road?
Here's a thought, maybe it's not really a "loophole"?
tbaby610 - Oct 15th 2010 2:41PM
you are so right
Audrey - Aug 12th 2010 3:24PM
Here's another thought: Don't put anything on the internet you don't want viewed by other people or that will "haunt" you later on. Really, it's a no-brainer.
K - Aug 18th 2010 2:33PM
good for him
jean logan - Aug 12th 2010 4:07PM
How else are you going to find your old friends? If you type their name in and it's totally blocked then your chance of finding old friends is non-existent. So many people say "hey, there is Judy"...wonder what's she up to. Then you can write her a private message to see if it's the same Judy and then become "friends" on FB.
I love Pat Green - Aug 12th 2010 6:14PM
What is so important about constantly "finding your old friends" and staying in constant contact? Kinda creep... really...
joannroth - Aug 12th 2010 4:17PM
I continue to be amazed ... Every day AOL has something negative to say about Facebook..... For those of you on Facebook - Don't put anything on the web you wouldn't want your spouse/mother/boss/pastor to see. For AOL - It's getting old, move on ...
jean logan - Aug 12th 2010 4:26PM
I totally agree!!!
DORFMONT - Aug 12th 2010 7:21PM
If you are logging in under your own name, I would think that you know who you are and what you look like. There is no need to post the user's name and photo at this point in the login procedure.
llittleangel - Aug 12th 2010 4:42PM
It seems to me that somebody is getting ready for a new "facebook-type" program to hit the net, so someone is sabotaging Facebook. It's true though that putting something on FB that you don't want people to see, like a profile where you're half-dressed and drinking a martini and you're a school teacher is not a good idea if you get my drift.
The Asterisk - Aug 12th 2010 4:50PM
For all of you that are using Facebook; have you ever tried to cancel it? When you decide to opt out of the site; they send a message that they will keep your name and address "just in case you want to come back". That means that you are locked into their leaking system forever!! Do you know of any other site that you can't opt out of? It should be illegal, but nobody seems to care; and every company urges you to sign up for Facebook for special offers and contests. Don't you realize those who want you to sign up for Facebook are reading all your messages so they can bombard you with pop-ups that fit your profile??
I love Pat Green - Aug 12th 2010 6:13PM
Yeah, back when you had to pay for AOL, they would not let you leave. I tried to leave once and they absolutely refused, despite the fact that I did not currently have a computer. Their fabulous suggestion was, "Can't you go to a friend's house to check your email?" That might work for a teenager, but for a mom with a family, it's kind of stupid!!
Alice - Aug 17th 2010 9:31AM
Also would just like to point out that it seems several of the insulters do not actually facebook. Yes, when you want to delete your account they give you the option of just "closing" your page while keeping all your information the way it was, or you can completely delete it. I don't see how them giving the option, probably after hundreds of complaints from people who deleted their stuff and then wanted it back, makes them so terrible.
sim_08 - Aug 12th 2010 5:05PM
It's good that a new Facebook has been set up. I've heard about what's happened on Facebook & it's on the news. People need to be protected from stupid people that have nothing good to say.
Jerry B - Aug 12th 2010 5:21PM
What is the big deal? I mean...all the info anyone would want about anyone else is already out there. Remember phone books? Man, all someone had to do was look and there it was! Your name...your address and your phone number!! Right there for everyone to see!! Chill out people...there is no privacy in the world unless you live on an island. (But, even then, watch out for satellites!).
cbreze1101 - Aug 12th 2010 5:21PM
I was affected by this so called glitch. My email address, which is a requirement to sign into Facebook, along with a password was hacked. My email account password was then changed without my knowledge since this person made their own email the primary contact. My account was then used to send out phishing emails. While not drastic it is a pain in the neck. Now I have to fix all of this and try to reassure everyone that I'm not in Europe the victim of a crime in need of money to come home. I have my privacy settings as tight as I possibly could and offer no personal information other than email address. It's scary to see when kids put their cell phone numbers and other personal info on Facebook. Someone is sitting at their computer laughing their butt off all the trouble they have caused. As I said in my status today...I hope that your underwear is infested with flesh eating mosquitoes...
Gee - Aug 12th 2010 6:08PM
I had the same exact thing happen to a friend but yet she is back on facebook and I continue to be there too.
Bruce - Aug 12th 2010 6:15PM
Imagine that. I haven't been able to get on my own account for two months now. They tell me they will send a code to my phone. It never comes!
belindajon - Aug 12th 2010 6:32PM
Easy Chicken Little, the problem has been fixed..... sheesh
Mary D. Wipf - Aug 12th 2010 7:07PM
Check my Facebook anytime, no secrets there.