The security bug existed within the Facebook 'Preview My Profile' feature, which lets users type in the name of someone on their friends list to see how their profile would appear to that user. The feature accidentally gave users a look at the other user's profile, displaying their live Facebook chat conversations.
A video posted to the popular website TechCrunch showed a user selecting the Preview My Profile feature on Facebook, and then selecting one of the people from his friends list. He was then able to see that user's live chat messages, and could also look at their pending friend requests.
"For a limited period of time, a bug permitted some users' chat messages and pending friend requests to be made visible to their friends by manipulating the 'preview my profile' feature of Facebook privacy settings," said Facebook in a statement explaining the problem. "When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also put out a fix to take care of the visible friend requests, which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented."
News of the flaw struck just as the magazine Consumer Reports published its State of the Net 2010 report, revealing that more than half of Facebook and MySpace users surveyed had posted risky personal details about themselves online. The survey found that 1300 of the 2000 US households included in the study used social networks, which is about twice as many as a year ago. Fourty percent had posted their full birth date, potentially exposing them to identity theft. Seven percent had posted their street address on their profile, while 3% had revealed times when they would be away from home. One quarter posted photos of their children on the site, and an eighth had included the names of their children in the captions.