Feeds

Facebook security glitch exposes user in-boxes

Cache glitch chaos forces users to work

The essential guide to IT transformation

Updated Office workers logging into Facebook on Tuesday morning were shocked to discover they were being served up other user's private pages.

Information going astray included other user's message inboxes. Fortunately more sensitive information - such as users' contact details - remained off limits to all but a member's friends.

The security glitch reared its head early on Tuesday, since when the site has been intermittently unavailable, at least in the UK. Access to the site from Spain, at least, has been fine since lunchtime.

The experience of Reg reader Wes seems typical.

"This morning I took part in my daily ritual of a cup of coffee and a quick look at my Face book account. However, when I logged in and click around, I was presented with other user's private pages, most notably other user's message inboxes. Further clicking around has exposed other areas of random people's accounts to me, but fortunately for them, so far all important information is still off limits," Wes reports.

Wes said the rest of his office are having similar difficulties accessing the service. Other Reg readers have written in reporting similar problems, some sending screen shots to illustrate their concerns.

In a statement, Facebook said the problem was due to a programming glitch - not the actions of external hackers - and has now been resolved, after the firm temporarily suspended services to apply an update. It apologised for any inconvenience.

"This morning, we temporarily took down the Facebook site to fix a bug we identified earlier today. This was not the result of a security breach. Specifically, the bug caused some third party proxy servers to cache otherwise inaccessible content. The result was that an isolated group of users could see some pages that were not intended for them. The site has now been restored, and we apologise for any inconvenience this may have caused," it said. ®

Bootnote

We can perhaps console ourselves with the observation that because Facebook was down for everyone for a short time on Tuesday - and unavailable for some for a much longer period - office workers were obliged to get on with their work, instead of posting photos and exchanging banter with their mates. Parts of the economy should be braced for unexpected end of month jump in productivity, perhaps.

Next gen security for virtualised datacentres

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.