Feeds

AT&T snuffs mobile Facebook security glitch

Um, that's not my profile

Security for virtualized datacentres

AT&T says it has resolved a network glitch that caused some mobile customers to log into Facebook accounts belonging to complete strangers.

"In a limited number of instances, a server software connectivity error resulted in some AT&T wireless customers being logged into the wrong Facebook account when they accessed Facebook through their mobile phones," an AT&T spokesman told El Reg via email. "This error impacted the subscriber identification information used to automatically log-on the Facebook user if a current cookie was not available.

Over the weekend, a story from The Associated Press reported that an Atlanta, Georgia-area mother and her two daughters all found themselves looking at strangers' Facebook profiles when they accessed the social website from their mobiles. One of the daughters landed in another person's profile on her first visit to Facebook on her phone.

The mobile operator confirmed that server issues were to blame for the security breaches "in a limited number of instances," but it didn't say how widespread the glitch was.

And here's where it get a bit weird: AT&T told the AP that one of the family members had actually experienced a separate error that similarly granted her full access to another person's Facebook account. AT&T said that its investigation pointed to a "misdirected cookie" in one of the phones — and that its technicians were unable to determine how it was routed to the phone.

The mobile operator told us that it has added new security measures to prevent the server error from happening again, adding that it collaborated with Facebook to disable subscriber identification information as an option for automatic log-in.

"For customers to access their Facebook account from AT&T wireless devices, Facebook now only will accept cookies placed by Facebook or full customer log-on information," AT&T said. "If the cookie isn't current, customers will be prompted to log in to their account. With these steps, we've addressed all known server issues and we continue to work with Facebook to monitor the situation."

AT&T went on to claim the wayward cookie issue was merely an "isolated" case that it has resolved with the customer. "It is unclear how this cookie was set on the phone." it said. ®

New hybrid storage solutions

More from The Register

next story
Apple iPhone 6: Missing sapphire glass screen FAIL explained
They just cannae do it in time, says analyst
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Quit drooling, fanbois - haven't you SEEN what the iPhone 6 costs?
How keen will buyers be when exposed to the real price?
Slap my Imp up: Bullfrog's Dungeon Keeper
Monsters need to earn a living too
Oh noes, fanbois! iPhone 6 Plus shipments 'DELAYED' in the UK
Is EMBIGGENED Apple mobile REALLY that popular?
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
The Apple Watch and CROTCH RUBBING. How are they related?
Plus: 'NostrilTime' wristjob vid action
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.