Facebook fixes hole that exposed birth dates

Facebook member birth dates were inadvertently exposed during a test, putting members at risk of identity fraud, Sophos says.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

Facebook said on Wednesday that it fixed a hole that exposed the birth dates of members during a public beta of a new design for profile pages earlier this week.

Security company Sophos alerted Facebook to the problem and, citing the risk of identity fraud, is suggesting that Facebook users enter fake birth dates instead of real ones in case a similar problem occurs.

"My advice to Facebook users would be, even if your date of birth is set to be non-visible, change it to a made-up date in case this kind of blunder happens again," Graham Cluley, senior technology consultant at Sophos, said in a statement. "Facebook and other social-networking Web sites need to be more careful about protecting their members' data, or risk losing users."

A Facebook representative released this statement in response: "For a brief period of time, a small number of users were able to access a private beta of Facebook's new site design meant only for developers. During that time, some of those users had their birthdays revealed due to a bug. The problem was identified and promptly resolved."

Cluley goes into more detail on his company's blog.

And here's a YouTube video that illustrates the problem:


Facebook is scheduled to roll out the new profile page design to users this week.

In an identity theft-related study done last year, Sophos found that 41 percent of Facebook users, or more than two in five, were willing to reveal personal information to a complete stranger.

Late last month, Facebook suspended the Top Friends app after it was learned that the app was revealing profile data that users wanted to keep private.