A Facebook flaw, which made some accounts accessible without the need for a password, has been exposed.
A message posted to the Hacker News website contained a search string that, when typed into Google, presented a list of links to some 1.32 million Facebook accounts. A number of these could be logged into simply by clicking the link – without the need for a password.
The message featured a search syntax that exposed a system used by Facebook that lets users quickly log into their accounts.
Facebook has moved quickly to cut off this process. The social network’s security engineer Matt Jones added the following comment to the Hacker News message: "For a search engine to come across these links, the content of the emails would need to have been posted online."
Jones said that most of the links exposed would have already expired, but added: “Due to some of these links being disclosed, we’ve turned the feature off until we can better ensure its security for users whose email contents are publicly visible."
Want to receive up-to-the-minute tech news straight to your inbox? Then click here to sign up for the completely free PCR Daily Digest and Newsflash email services. You can also follow PCR on Twitter and Facebook.