Hot on HuffPost Tech:

See More Stories
AOL Tech

Facebook Login Loophole Reveals User Names and Profile Pictures

screenshot of facebook loophole
A recently discovered loophole on Facebook could reveal your personal information to complete strangers. And, for the moment, there's nothing you can do about it. As CNET explains, the loophole arises from one of Facebook's quirky log-in features. Usually, if you enter your e-mail address along with an incorrect password, Facebook will automatically open an error page, where you can try again. Also featured on that error page, however, is your full name and profile picture. It follows then, that, if you enter someone else's e-mail address and incorrect password, that person's full name and pic will pop up. And, unfortunately, this loophole exists for all users, regardless of how tight their privacy settings are.

The bug was first flagged by Atul Agarwal, security researcher and CEO of Secfence Technologies. Agarwal apparently noticed the glitch after trying to log on to his account with an incorrect password. In a subsequent e-mail posted to the Full Disclosure mailing list, the researcher described how the loophole could be manipulated to harvest user data, and even came up with a proof of concept script to demonstrate how it could be done. Not long after Agarwal posted his explanation, another mailing list user named Javier Bassi noted that, even if a user types in an invalid e-mail address, Facebook's system will automatically suggest a valid profile picture, user name and e-mail address that's similar to the incorrect address first entered.

Shortly after Information Week broke the story, Facebook responded with a statement reassuring users that the site's engineers are cooking up a solution. "We have technical systems in place to prevent people's names and photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended," the statement reads. "We are already working on a fix and expect to remedy the situation shortly." Granted, the bug may not reveal your most valuable, highly protected information, but, at a time when many users are growing wary of the site's privacy protection, it's good to know that Facebook is doing its best to patch the hole. [From: CNET and InformationWeek]

Featured on Switched:

Tags: email, facebook, FacebookPrivacy, loophole, privacy, PrivacySettings, security, SocialNetworking, top

Comments

29