Facebook Security Hole Remains Unplugged for Two Weeks, Hackers Say

By Matthew Harwood

A team of bloggers has hacked into Facebook using unsophisticated means and say the company has not repaired the security hole despite telling the company of the vulnerability over two weeks ago.

The creators behind FBHive, a new blog dedicated to the social networking site, says their hack can expose information that identity thieves could profit from.

Caroline McCarthy of has more:

No, it won't expose your personal photos or wall posts. But, FBHive says, it can bring up all the "basic information" that you have entered into your profile, even if you've elected to keep that information private. This is the section that includes location, gender, relationship status, relationships (significant other, parents, siblings), political views, religious views, birthday, and hometown. That's enough to be a problem in the identity theft department, as it could easily expose frequent password hints like dates of birth and mothers' maiden names.

To prove their hack worked, the team posted the profile information of Facebook founder and CEO, Mark Zuckerberg, as well as profile information from the founder of Digg, Kevin Rose, and famous blogger, Cory Doctorow.

FBHive says the hack still works today and was communicated to Facebook on June 7.

"We are not malicious hackers by any means," the article announcing the hack said, "and our skills are far from advanced. We here at FBHive are fans of Facebook, but when a security hole as big as this is discovered and brought to their attention, it shouldn’t take 15 days to fix."

Facebook told McCarthy that it is looking into the vulnerability and will have more information soon.

♦ Photo by Scott Beale / Laughing Squid


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.