This morning, TechCrunch pointed out a shocking security flaw in Facebook that allows users to see the live chats of any of their friends. The discovery furthers the concern that Facebook's security is not yet where it needs to be.
The problem occurs within an actual security feature of Facebook. There is an option in privacy settings, under personal information and posts, that allows you to preview your profile as it would look to one of your Facebook friends. You are then able to select one of your friends and view your profile, literally, through their eyes.
The feature works so well that, if your friend happens to be live chatting at the time, you will see their conversations in action. Steve O'Hear posted the video below, showcasing the problem. For now, it seems that Facebook has turned chat off "for maintenance," though they have yet to make a public statement regarding the problem.
Update: A Facebook spokesperson confirmed to Neowin that Facebook chat is offline due to the bug. "Chat is unavailable as we work quickly to fix a bug reported to us. It should return to normal soon. Because of the bug, people could view friends’ chat messages and friend requests for a limited amount of time if they manipulated the 'preview my profile' feature in a specific way. We’ve fixed that issue and took down Chat as soon as we became aware of it. We apologize for the inconvenience."