The exploit caused Facebook to temporarily disable chat, which was back online as of 11 a.m. (US Pacific) on Wednesday.
Users could inadvertently activate the security breach, which was first reported by TechCrunch Europe, via their privacy settings. Facebook has since patched the bug, and sent PC World this statement explaining the mishap:
“For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the “preview my profile” feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete.”
Facebook did not report the number of users who were affected by the bug.
U.S. Senator Charles Schumer (D-N.Y.) last week urged the Federal Trade Commission to create privacy guidelines for social networking sites like Facebook, Twitter, and MySpace. Schumer singled out the “complicated and confusing” steps that Facebook users must take to avoid sharing their personal information with third-party sites.
Facebook CEO Mark Zuckerberg has infamously made several foot-in-mouth remarks that glibly dismiss the importance of user privacy.
A recent survey by Sophos, an IT security firm, shows that Facebook users worldwide are concerned about proposed changes to the social network’s security policies.
It appears that today’s chat bug was zapped before it could cause much harm. Still, the incident contributes to the widely-held perception that the term “Facebook security” is an oxymoron.