SciTechBlog   « Back to Blog Main
May 5, 2010

Facebook fixes security bug in chat program

Posted: 12:13 PM ET

UPDATE 2:06 p.m. ET: A Facebook spokesperson says the security bug has been fixed; chat will be up shortly.

The blog TechCrunch posted a scary video today.

Writer Steve O'Hear shows that it's possible to eavesdrop on the private live chats of your Facebook friends by previewing your profile through the site's privacy settings.

Facebook shut down its chat function on Wednesday in response the security bug, a Facebook spokeswoman said in an e-mail to CNN.

"When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function," the e-mailed statement from Facebook says.

"We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented."

The social network's chat feature - which lets people have live conversations through instant text messages - appeared to be "down for maintenance" as of noon ET, when CNN tried to replicated the hack.

Watch the full video to understand how the flaw works.

"I know Facebook wants us to share more information and open up, but I’m not sure that this is quite what they had in mind," O'Hear writes on the blog.

He accesses a friend's supposedly private chat conversation by using a feature that lets people preview their profile through the eyes of their friends. This feature is intended to let people see if they've managed their privacy settings correctly. A person, for instance, might make some Facebook information viewable to everyone, while keeping co-workers or professional contacts in the dark about new photos or status updates.

When O'Hear previews his profile through the eyes of a friend, he pulls up that friend's private chat.

We'll keep an eye on this and let you know if we hear back from Facebook.

Posted by:
Filed under: Facebook • privacy


Share this on:
qmcs   May 5th, 2010 12:34 pm ET

Hello – This NEWS is for everyone!! There is no privacy on the internet that you can afford.


IllIlI   May 5th, 2010 12:37 pm ET

Failbook prevails again! :)


Frank, Athens, OH   May 5th, 2010 12:52 pm ET

So is this why Facebook chat has been down all morning, then?


mustbeanidiot   May 5th, 2010 1:10 pm ET

wow....really?

cnn is actually reporting on this garbage?

unbelievable to think that what we say on the internet isn't private.

please stick to real news cnn...if you can.


Mike, Boston   May 5th, 2010 1:14 pm ET

So when someone posts a security hole. How is it legal to make an attempt to exploit it CNN? What is it with news sites just brazenly bragging about breaking the law lately?


sean   May 5th, 2010 1:18 pm ET

once again... facebook messes up. it was obvious from a year ago (the time that they revamped the privacy settings and all these things that I had deleted popped up again in my profile) that facebook just cannot be trusted. if you are dumb enough to put all your private information up there... just remember, even if you delete it later, facebook still saves it, and they obviously are not careful with it, or their website programming is just poorly done, and it can come up in unexpected ways later.


Bubba   May 5th, 2010 1:28 pm ET

Mike, I don't think it's actually illegal to do what they are showing. What law would he be breaking? The chat's down being worked on to fix this right now, so no one can eavesdrop using his trick, and meanwhile everyone is being warned.


Fan   May 5th, 2010 1:29 pm ET

facebook chat is worthless anyways, I seriously don't know anybody that actually uses it.


TerryBin   May 5th, 2010 1:30 pm ET

Some additional info on FB and privacy: If there is a community page for any word that you have in a update, your post will end up on that page. If you have privacy settings so that only friends can see what you write, then it will end up under a header, "Related Posts by Friends". If you have your privacy setting set to everyone, then it will end up under a header, "Related Global Posts" and truly everyone can see it. I and others have mentioned the word sleep in a post (and it is not listed as an interest of mine) and the posts are on the community page "Sleeping". I really don't think every time someone mentions sleep they want that post listed there. I do not think this aspect of posting and the community pages is well understood. Personally I find it very frightening. What if they have another glitch and everyone can see a post you wrote, not just your friends? On some page you had no idea it was posted to.


Matt   May 5th, 2010 2:42 pm ET

"wow....really?
cnn is actually reporting on this garbage?
unbelievable to think that what we say on the internet isn't private.
please stick to real news cnn...if you can."

Yeah, clearly potential security or privacy issues with a website used daily by millions of people are not newsworthy. If you don't want technology news, stay out of the technology section.

FWIW, I just looked at Fox News, and everything below the fold there is tabloid crap about celebrities. IMO, this is a lot more newsworthy than whether Miley Cyrus' new music video is "too racy".

"So when someone posts a security hole. How is it legal to make an attempt to exploit it CNN? What is it with news sites just brazenly bragging about breaking the law lately?"

They were trying to *verify* what was posted on Techcrunch, which is, um, what a reputable news source should do before reposting something like this.


Steven Cravis   May 5th, 2010 4:18 pm ET

Everyone go click the 'like' button at http://www.stevencravis.com if you want a link back to your facebook page!


Bryan   May 5th, 2010 4:58 pm ET

Don't know if this is still a problem, but as of December you could be logged on two computers and see the chats. This happened at my home where we have three computers, you could see the chat from the other computer. Most good applications will log one of the computers out when a new session is started and issue a warning.


Hmm   May 5th, 2010 5:21 pm ET

how long was the bug allowing this?


Justice Juice.com   May 5th, 2010 5:27 pm ET

Follow this story and others on justicejuice.com!


Matthew   May 5th, 2010 8:10 pm ET

"...when CNN tried to replicatED the hack..."
Wow.......if your going to report "news" then at least proof it first.


Mark C   May 5th, 2010 9:43 pm ET

Facebook has got to be the least technically competent major site on the Internet. Absurd considering the information they're entrusted with.


Mark C   May 5th, 2010 9:46 pm ET

Oh, and you morons making comments like "there is no privacy on the Internet"....just kill yourself now. You really are that worthless.


Harold   May 5th, 2010 10:18 pm ET

Yes I realise there is no privacy on the internet. But at the moment only relevant authorities have the power to track your ip or whatever. Facebook is making it easier and easier for anyone to monitor anyone.


Gord   May 5th, 2010 10:18 pm ET

Mark C, regarding your comment about morons saying "there is no privacy on the internet". There is no privacy on the internet. Proof once again. Websites and computers are all subject to code and programming errors of humans.

If you don't want everything you type and upload potentially available to anyone, don't do it. It's FACEBOOK, not your bloody BANK. Moron.


Get A Life   May 5th, 2010 10:50 pm ET

Seriously, go outside and get one. Facebook "social networking." Another symptom of our deeply self-absorbed society. Shut-ins hiding behind computers thinking that what they have to say is so important. It's not, your not, none of us are. Too many people are now living for what is of little value and doh! is public.


Carlos Arroyo   May 5th, 2010 11:00 pm ET

Facebook is worthless and a waste of time and real tacky man.


sammolicious   May 5th, 2010 11:00 pm ET

Once again, facebook disappoints.


Damian   May 6th, 2010 5:29 am ET

I lost all dreams of privacy about the internet a long time ago. Now I am worried if I can use it in peace. With new regulations by the FCC claiming their taking away our liberties for the sake of protecting us from terorism the nuevo beauty of the internet is rapidly dwindeling. Where can we escape too next I wonder. Protein Supplement


ballz   May 6th, 2010 8:37 am ET

Privacy on FailBook? I didnt think there was such a thing. Yeah yeah noobs, there are apparently security settings but if you use that site, its going to bite you back one day.
Enjoy


Adam Dubya   May 6th, 2010 9:01 am ET

To: Get a life

"Shut-ins hiding behind computers thinking that what they have to say is so important. It's not, your not, none of us are. Too many people are now living for what is of little value and doh! is public."

I'm not sure I need to even try and say something clever about what's funny about your post.


techie   May 6th, 2010 9:15 am ET

@mustbeanidiot

THIS IS THE TECH NEWS NOT THE ACTUAL NEWS
AND THAT NAME DOES SUIT YOU CAUSE YOU MUST BE AN IDIOT!!!


rearden   May 6th, 2010 10:49 am ET

I think Facebook should encrypt the chat function by default. All skype traffic is encrypted, most other chat services can be. I would really like to see that on the Facebook chat.


The_Mick   May 6th, 2010 12:12 pm ET

When I first saw this story, with a similar headline, I thought it was a new surfacing of the Facekoob virus which has hit Facebook twice. Interestingly Avira, one of several top-notch free antiviruses, was the first to detect it with it's top-rated heuristics [detection based on a viruses telltale activities rather than stored info about it].


bhagabat   May 6th, 2010 1:11 pm ET

it is one kind of funda although anyway while using it we should take serious so thanks for valuable information


commonsence   May 6th, 2010 1:27 pm ET

Valid news. As a regular user, we do need to know what’s ‘relatively’ private, and what’s not. Yes, eventually nothing is totally private on internet.
If you are not interested in it, don’t read it. obviously you bother to drill into the story and read the whole thing and then have the time to leave comment. Why?


Sency   May 6th, 2010 11:33 pm ET

Facebook is so far ahead – that these bumps aren't going to take the site of its growth

http://sency.com/facebook-security.htm


fiwedding   July 22nd, 2010 2:57 am ET

it is one kind of funda although anyway while using it we should take serious so thanks for valuable information


Zonke   November 8th, 2012 9:59 am ET

In players cratee a character and adventure through the , missions, blowing things up and , bullets, to name but a few things. Generally , if you've seen it in a matrix film chances are you can do it in the game. This is excellent news for the vast mob of people who have always wanted to experience the matrix and do their part in helping the people of Zion. Or even for those people who were secretly sympathetic to the Machines, or those who found the Merovingian charming and were secretly rooting for his Exiles throughout the film.


banckle   July 18th, 2013 9:30 am ET

Thanks for providing wonderful information I would suggest you to check Banckle Chat ( http://banckle.com/apps/chat/overview.html ) which is one of the best live chat application for your website having lots of built-in featuers.

Signup FREE: https://apps.banckle.com/action/signup


Personal training Long Island   January 11th, 2014 11:20 pm ET

I could only imagine how hard it is to roll out a website change in a company like Facebook. One mistake and everyone goes nuts. I sort of a agree with "Get A Life".


Leave Your Comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.


subscribe RSS Icon
About this blog

Are you a gadgethead? Do you spend hours a day online? Or are you just curious about how technology impacts your life? In this digital age, it's increasingly important to be fluent, or at least familiar, with the big tech trends. From gadgets to Google, smartphones to social media, this blog will help keep you informed.

subscribe RSS Icon
twitter
Powered by WordPress.com VIP