The Wall Street Journal: Facebook Glitch Exposed Private Chats
By JESSICA E. VASCELLARO
Facebook Inc. scrambled to fix a software flaw that gave users’ unintended access to their friends’ private instant messages.
Jessica Vascellaro has breaking news that Facebook says it is fixing a bug that permitted some users’ chat messages and pending friend requests to be made visible to their friends.
The popular Internet hangout Wednesday temporarily shut down its instant-messaging function while it investigated the problem and patched its system.
The Palo Alto, Calif., company said the bug was caused by an update to its software and was in effect “for a limited period of time,” which a spokesman described as “hours.”
The spokesman said the company was still investigating how many users had chats exposed and believes the number is small.
“Someone would have to go through multiple steps to see anything—log-in, go to their privacy settings, use the preview tool, type in a friends name,” he said.
Facebook has had its fair share of bugs, partly reflecting frequent changes and additions to the company’s website. But some incidents have escalated to major embarrassments, because of their potential to allow peeks at personal information that Facebook’s users may not have intended to be widely viewed.
In one incident earlier this year, Facebook misrouted the private messages of a small number of users.
The incidents don’t seem to be affecting the site’s growth. Last month, Facebook Chief Executive Mark Zuckerberg said the 400 million-person service was adding users at its fastest-ever rate.
But the slip-ups could continue to serve as fodder for critics and regulators investigating how Facebook handles its users’ data more broadly.
The latest bug, which also revealed a user’s pending friend requests, was buried in a feature that allows account holders to see whether certain parts of their profile are hidden or accessible to one of their friends.
Facebook designed the feature to help enhance privacy by allowing users to see how their profile appears to others. But some users began reporting Wednesday that while accessing the feature, they were able to see other users’ live chats.
View Full Image
Facebook founder and CEO Mark Zuckerberg delivers the opening keynote address at the f8 Developer Conference last month.
News of the problem was reported by technology blog TechCrunch, which said it had been tipped off to the issue by a Facebook user.
Criticism of Facebook’s privacy practices keeps piling up. A new feature that allows users to indicate information they “Like” on the Web and share the information back on Facebook has drawn criticism from privacy advocates and lawmakers.
Some have voiced concerns that consumers aren’t aware of how the information will be shared. Facebook has been defending the feature, saying users must decide whether they want use the “Like” feature to note other Web sites.
Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation in San Francisco, says that the site has had a lot of “grave privacy bugs” over the years.
While Facebook has gotten better about plugging them, he notes that the most recent problem was particularly troubling because a user could “really exploit it by accident.”
A Facebook spokesman said the company will “continue to invest tremendous resources— both in terms of top engineering talent, infrastructure and software—to protect people’s information and to enforce the privacy decisions make on Facebook.”
“It is important to recognize that no system is perfect and no company avoids errors all of the time,” he continued, “but we are committed to investigating all mistakes and to learning from them.”