Facebook loophole making accounts accessible without passwords exposed

The bug was exposed in a message posted to the Hacker News website.

Written by Agencies

London | November 3, 2012 01:49 PM IST

1 min read

Social networking giant Facebook has moved quickly to shut down a loophole that made some accounts accessible without even using a password.

The bug was exposed in a message posted to the Hacker News website.

Subscribe to read on

Select your plan

BEST VALUE

All-Access

Ad-lite experience

Access to premium stories

Access to ePaper

Starts at ₹117/month

Digital Only

Ad-lite experience

Access to premium stories

Access to ePaper

Starts at ₹133/month

Subscribe to read on

Select your plan

BEST VALUE

All-Access

Ad-lite experience

Access to premium stories

Access to ePaper

Starts at ₹117/month

Digital Only

Ad-lite experience

Access to premium stories

Access to ePaper

Starts at ₹133/month

The message contained a search string that,when used on Google,returned a list of links to 1.32 million Facebook accounts.

In some cases clicking on a link logged in to that account without the need for a password,the BBC reports.

All the links exposed the email addresses of Facebook users,the report said.

Facebook security engineer Matt Jones said the links were typically only sent to the email addresses of account holders. Links sent in this way can only be clicked once.

For a search engine to come across these links,the content of the emails would need to have been posted online, he said.

Story continues below this ad

Jones suspected this is what happened as many of the email addresses exposed were for throwaway mail sites or for services that did a bad job of protecting archived messages.

Tags:

Facebook social networking world news