Facebook Disables Chat After Bug Exposes Private Data

After two security glitches were revealed today, Facebook was forced to shut down chat functions while it worked on a fix. One bug allowed users to see allegedly private chats, while another exposed pending friend requests. Facebook didn’t notify users whose accounts may have been compromised, presumably because, hey, they’re Facebook, and they don’t have to.

Facebook issued a statement this afternoon, insisting that the bugs had been fixed, and chat would soon be restored:

For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the “preview my profile” feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.

At Consumer Reports’ “Social Insecurity” event yesterday, technology editor Jeff Fox said that social networks like Facebook encourage users to”drop their guard because it’s basically made up of friends and family, yet it’s a potentially dangerous environment. You’d never go out into Times Square and announce your personal information. Social networks are not that different.”

According to a CR study, 23% of Facebook’s users either don’t know that Facebook offers privacy controls, or choose not to use them, Of course, events like today’s don’t exactly inspire a lot of confidence in the ability of those tools to actually keep personal information private.

Facebook Security Flaw Publicizes Private Chats [NYTimes.com]
Consumer Reports survey: Social network users post risky information [Consumer Reports Electronics]