Maybe with all the constant redesigns and swapping of features, the occasional bug is to be expected. But a bug uncovered by TechCrunch Europe today turned out to be a gaping security hole. The bug allowed users to view the live chat logs of any of their friends on the site.
The trick relied on Facebook's profile preview feature in the security settings. When changing security settings, users can preview their profile to see what information is available to the outside world. There is also a box on the preview where a specific user can be entered so you can see how your profile looks to that person. By just typing in the name of a friend, a user could pull up that friend's chat log. Yes, a privacy feature actually created an exploit.
TechCrunch alerted Facebook, which then pushed out an update to fix the error. In a statement, Facebook said the bug was accessed "by manipulating the 'preview my profile' feature." We prefer to think of it as using the feature, but that's just semantics. We'll hand it to Facebook: they did fix it quickly, but it shouldn't have happened in the first place.