It looks like there's yet another little bug that compromises the privacy of Facebook users--all 500 million of them--and it doesn't matter how a user has set the account's privacy settings.
The bug can be found in the error page that comes when a user attempts to sign in but types in the wrong password. The system automatically populates the error page with that user's first and last names, along with the profile picture, and gives the user the chance to re-enter the password.
Now, that's kind of helpful--not can't-live-without-it helpful--but still a nice feature for the user. But what if you type in someone else's e-mail address with the wrong password? Yup, you guessed it: full name and a profile pic for that person.
Read more of "Facebook loophole reveals names, pictures with sign-on errors" at ZDNet's Between the Lines.