Facebook Not Hacked, But Bug Let You Read Other’s Mails

SiNXation 08-03-2007

We’re hearing all kinds of explanations for the Facebook downtime today. One worrying possibility we heard is that Facebook was hacked, although Facebook has since corrected that rumor. They admit, however, that a bug meant people were able to read the Facebook inboxes of strangers.

A mail from Facebook: “The bug caused some third party proxy servers to cache otherwise inaccessible content. The result was that an isolated group of users could see some pages that were not intended for them. The site has now been restored and we apologize for any inconvenience this may have caused.”

From reports, it seems Facebook was misidentifying users and logging them in to the wrong accounts. Worse, clearing your cookies and revisiting the site would autofill someone else’s details, meaning details could have been harvested. The bug was introduced during a recent update. Here’s one such report from The Register:

This morning I took part in my daily ritual of a cup of coffee and a quick look at my Face book account. However, when I logged in and click around, I was presented with other user’s private pages, most notably other user’s message inboxes. Further clicking around has exposed other areas of random people’s accounts to me, but fortunately for them, so far all important information is still off limits.

Facebook most likely noticed this problem, and the decision was taken to take the site offline until it was fixed - certainly the right thing to do. Others allege that Facebook took the site down to fix a security hole that would enable a XSS attack, although that seems unlikely in light of the mail bug.

Hsoolien

Considering the scope of what Facebook has attempted and implemented, I'm not suprised a few bugs got through. That said anyone that wanted my profile can have it I mean who really wants to be me? Not even I.

Ice

Facebook is becoming more like myspace, with all the insecurities. Don't you just hate when good sites go bad.

Hsoolien

It's the fate of any large social network on the internet and always will be, unless someone successfully makes a filter against idiots (course they account for some 80% of social site memberships)

SamiJo

oye...and here i was just saying how much better i liked facebook over myspace.

They are becoming more and more like myspace with all the applications they offer but I still consider it to be better than myspace. but this bug today is probably only the first of many.

Hsoolien

They are better, for now. Then there will be a new site and Facebook will be a bloated has been like MySpace.

SamiJo

it already is! there are people on there that should have never been allowed to buy a computer! and its the for now that irritates me...why couldn't they just be happy that everyone loved their site instead of breaking under pressure form the stupid high school kids (which the site was not geared towards inthe first place) to make it more like myspace? I dunno how many petitions have been sent around on that thing - none are worth anything because they are money hungry and wont change. sad.

Raven

This is the same thing AOL still hasn't been able to fix yet for a while. Myspace also still has thi same problem. Looks like its the most acceptable bug on most social sites.

SamiJo

well guess its a good thing that I don't use the mail on those sites for anything other that comment approval

Hsoolien

Generally the best kind of social site is a forum of common interest. That way you have a bunch of like minded people.

That is unless the common interest is one person, then you get stupid drama wars. Probably the place I've met the most cool people through was the Unreal Development forums.