New Facebook blog: We can hack into your profile

People behind the blog, FBHive, say they alerted Facebook to a new security hole several weeks ago but that the social network has not done anything about it. Facebook now says it has solved the problem.

Well, here's an innovative way to get some buzz: FBHive, a new blog devoted to the discussion of all things Facebook, has debuted with the revelation that its creators have discovered a hack that can expose some crucial profile data.

No, it won't expose your personal photos or wall posts. But, FBHive says, it can bring up all the "basic information" that you have entered into your profile, even if you've elected to keep that information private. This is the section that includes location, gender, relationship status, relationships (significant other, parents, siblings), political views, religious views, birthday, and hometown. That's enough to be a problem in the identity theft department, as it could easily expose frequent password hints like dates of birth and mothers' maiden names.

Security holes are nothing new to social networks: last year, Facebook plugged a leak that exposed members' protected photos via the Facebook mobile site, and another hole was discovered about a year ago that exposed members' birth dates.

Admirably, FBHive has not shared the details of the newly discovered hack; more disconcertingly, it said Facebook has done nothing since it alerted the social network to the issue earlier this month.

"We are not malicious hackers, by any means, and our skills are far from advanced," the post read. "We here at FBHive are fans of Facebook, but when a security hole as big as this is discovered and brought to (Facebook's) attention, it shouldn't take 15 days to fix."

A Facebook representative said the company is currently "looking into" the matter and will have more information soon.

UPDATE at 11:14 a.m. PT: "We have identified this bug and closed the loophole," an e-mailed statement from Facebook read. "We don't have any evidence to suggest that it was ever exploited for malicious purposes."

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET