Facebook Fixing Security Bug Which Exposes User Photos And Names

-Facebook Security Icon- In theory, all Facebook users have had their profile image and name exposed through a bug which enables malicious hackers to scrape the data. While such information is also available for sale through companies like Flowtown, this particular security glitch makes it much more easier to collect information as long as a company has access to a large database of email addresses.

When asked for comment on the issue, Facebook provided the following statement:

We have technical systems in place to prevent people’s names and photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended. We are already working on a fix and expect to remedy the situation shortly. Please note that our Statement of Rights and Responsibilities (http://www.facebook.com/terms.php) dictates who and how public information can be accessed, and we prohibit people from scraping our site.

Facebook has also had a number of previous issues where information was supposedly “leaked”. In this case, having access to 500 million user photos and names would require you to have a database of 500 million people. Fortunately there are very few companies that have such a large database of contact information. Also much of this information is already available via Facebook’s Graph API as long as you have a user’s ID.

Generating those IDs through basic brute force techniques would not be too complicated, although it would most definitely be time consuming. However tying that data to an email address becomes a much more powerful combination apparently. Are you concerned by these types of security bugs?