« NYC's Emergency Management on Facebook | Main | How are your mobile manners? »

Privacy settings aren't always a guarantee on Facebook

Here's tomorrow's column, that we just posted online a few minutes ago. Basically, it came from a post by two new bloggers at FBHive, who described themselves as two Facebook lovers.

In their inaugural post, the two exposed a big hole in Facebook -- with what they described as a fairly simple hack, they were able to see all of my personal info -- something I have set to be viewed by my closest friends only. They invited people to email them to test it out, so I did.

I got a response from one of the bloggers, Tom, from Brisbane, Australia within minutes: all of my personal information on Facebook: my birthday, networks, hometown, the fact that I'm interested in men, how I describe my religious views.

In the email interview that ensued (it was 2 a.m. in Australia, so Tom and I just emailed back and forth), Tom said Facebook contacted them and was working on fixing the problem.

In fact, Facebook responded to an email Bridget sent by saying they had ''identified the bug and closed the loophole,'' adding in an e-mail that they had no "evidence to suggest it was ever exploited for malicious purposes.''

The FBHive guys also said they didn't intend to be malicious hackers. They describe themselves as big Facebook fans, but they said they first reported the hole to Facebook a few weeks ago and received little attention. Facebook did get in touch with them immediately after the blog post.

''Could the average user have discovered it? No. I'm in my final year of an IT degree, so I consider myself a tiny bit more savvy than most,'' Tom wrote in one e-mail. "That said, if this was to be released online as a tutorial, I suspect anyone who could use Facebook could pull it off if they followed it step by step.''

Still, consider it a cautionary tale about your information online. For identity theft reasons, I've never allowed her birth year to be shown on Facebook -- so the FBHive guys couldn't uncover that.

But it's a good reminder that even information we consider ''private'' really isn't.

Last month, we moderated a panel about social networks and security for the local group of Women in Technology International. (You can read our entire blog post about it here.) One of the panelists was Jay Patel, a senior manager of IT advisory services for KPMG. He mostly avoids social networks precisely because of security risks like this one.

His advice? Don't post ANYTHING online unless you're OK with ''four billion people'' seeing it.

We say this all the time, so we don't mean to sound like a broken record. But this morning's incident should be a fresh reminder.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Privacy settings aren't always a guarantee on Facebook:


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

Terms of Service | Privacy Policy | Copyright | About The Miami Herald | Advertise