FBHive, a new site covering news and opinions about Facebook started by ‘two twenty-something guys’ who are self-proclaimed ‘avid fans’ of the social networking service, is launching today with a bang. According to the website owners, a security loophole allows anyone to view private profile information even if that information has been shielded off by privacy settings.
Think FBHive is touting this hack simply to draw attention to the new site? Think again.
As a challenge, I asked them to tell me some things about me that they could only find on my Facebook account, which is protected from public viewing and should only be accessible to my networks and friends. Almost immediately, they replied with my birth date, the name of my hometown, the name of my fiancé and my political views. That’s scary (and more proof is available if you click the link below).
In their first blog post, FBHive mentions that a similar hack – using the search function to uncover private information – was reported by The Register back in 2007, but that their process is ‘much more simplified and specific’. Moreover, they also claim the bug has already been reported to Facebook several times since June 7th, but that so far response has been virtually non-existing.
The FBHive team is giving the Facebook team – which we’ve also alerted about the claim – about 24 hours to finally respond to their reach-out, and will post details on how exactly one can obtain basic private profile information from protected accounts should the company fail to respond adequately.
Update: statement from Facebook:
We have identified this bug and closed the loophole. We don’t have any evidence to suggest that it was ever exploited for malicious purposes.
This is yet another blow to Facebook: yesterday Michael published an article about a weeks-long issue with click fraud on the social networking service, which the company acknowledged almost immediately with a promise for a quick fix.
(Image found on the blog of Pino Bruno)