Geez Facebook I’ve got a strainer that doesn’t leak as bad as you do

No sooner does Zuckerberg finish up his tête-à-tête with Walt Mossberg and Kara Swisher on the stage of the D8 conference than we find out that there is yet another security flaw in Faccebook. It turns out that under certain circumstance a Google search will return the email addresses of people on Facebook – email addresses that they may not have wanted anyone other than Facebook to know about.

According to Nick O’Neill at All Facebook the flaw is being triggered under the following conditions

  • A user logs in to Facebook and uses the “Friend Finder” tool.
  • Facebook then stores the email addresses that the user had in their contact list and sends a message to the users encouraging them to join the site.
  • Users are sent a message which offers to let them opt-out from future emails, at which point they end up at the “Email Opt-out” page, displayed in the second picture below.
  • This page is in turn indexed by Google, who somehow found this Page through emails or some other means.

Sure it might not be as bad as exposing credit card information or those questionable photos you have tried to hide from prying eyes but come on already. It just goes to show that as these social networks and the software that runs them gets bigger and more complicated that a much better job of Q&A must be done before rolling out new features.

Comments