For Hulu, Facebook Connect becomes a security headache
Video-streaming site pulls the plug on plan to allow Facebook users to log in, after programmer's error exposes personal information.
Hulu acknowledged this afternoon that an attempt to integrate itself with Facebook didn't go exactly as planned.
Far from aiding the "entire social experience," which the video streaming service had promised in its announcement earlier in the day, the attempted integration allowed some Hulu users to access other users' accounts.
In a followup blog post this afternoon, Hulu Vice President Richard Tom said the security breach was the result of a programming error, not malicious activity, and did not expose passwords or credit card numbers.
"When we launched our Facebook Connect feature early this morning, we discovered that a small number of users weren't seeing their own Hulu account information upon log-in," Tom wrote. Hulu is still investigating what went wrong and has pulled the plug on Facebook Connect in the interim, he added.
The trade Web site Audio Video Revolution reported that the security breach exposed details about Hulu employees:
This time, it logged me in to the account of a Hulu.com employee, Thomas Moore. Thomas is also a former employee of Facebook according to his Facebook page as well as LinkedIn.
After the click, I was able to access his street address, financial information (last 4 digits of his CC with expiration date), device management, e-mail address and password. I know that Thomas has just finished watching episodes of Modern Family, Suits, Burn Notice, and The Guild. If I was a jerk, I could cancel his Hulu Plus account, turn off all his devices and change his e-mail/password. If I was a devious thief, I could slip my device onto his account and get some free Hulu Plus until he noticed. Thank goodness for Thomas, I'm not.
Facebook Connect is a set of programming interfaces that allows users of the social-networking site to use their accounts to log in to other Web sites. In this case, Hulu had hoped that Facebook Connect would encourage more interaction and allow video sharing among its users, including being able to freeze a moment in a film or TV show and then send around the corresponding link.
Today's breach comes amidthat Hulu is meeting potential suitors as part of a possible acquisition (it's owned by ABC, Fox, and NBC Universal). The rumors have also led to that one of Hulu's studio backers is intentionally leaking reports to the media to drive up the sale price.