Yesterday, Facebook took down its Chat services to patch a flaw in its new privacy settings that allowed users to listen in on private chat conversations. This apparently came hours after TechCrunch EU blogger Steve O’Hear taught the world how to exploit the flaw in his TechCrunch post and video. O’Hear was “tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their ‘friends’.”
Facebook rolled out its Facebook Chat feature in February of this year. The service allowed users to send live text messages to other Facebook users on their “Friends” list. The flaw apparently allowed users to listen in on these conversations, as well as see other private information about friends’ Facebook accounts.
Once Facebook was informed of the exploit, Chat services quickly became unavailable. A few hours later, Facebook provided the following statement:
For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the “preview my profile” feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.
This is an ironic twist in Facebook’s recent efforts to combat criticism of the service by adding more advanced privacy features; however, the problem appears to have been resolved.