[ISN] Facebook security lapse allows Paris Hilton pictures to be leaked

From: InfoSec News (alerts@private)
Date: Tue Mar 25 2008 - 22:03:36 PST


http://technology.timesonline.co.uk/tol/news/tech_and_web/article3617360.ece

By Jonathan Richards
Times Online
March 25, 2008

A security lapse on Facebook has allowed its users to gain access to 
vast libraries of private photographs, including one of Paris Hilton 
drinking beer with her friends.

A Canadian hacker exploited a recent upgrade to the networking site's 
privacy settings to view pictures that were intended to be private, 
including some of Paris Hilton partying with her brother, Barron 
Nicholas, at the recent Emmy awards.

Facebook was told about the problem yesterday afternoon, and said it had 
since fixed the bug.

Byron Ng, a computer technician from Vancouver, began looking for flaws 
in the site's security after an upgrade last week purportedly gave 
Facebook's 40 million users greater control over the way they shared 
material such as photographs with their friends.

Mr Ng found that he was able to pull up recent pictures posted by 
Facebook users, even if the owners intended them only to be seen by a 
select group of friends.

In a subsequent test, the Associated Press reported [1] that it was able 
to access several private albums, including one posted by Mark 
Zuckerberg, Facebook's founder, in November 2005.

The breach comes on the same day that children's charities urged 
ministers to ban companies from trawling websites such as Facebook to 
gain access about potential employees, in a process known as "digital 
dirt-digging".

Record numbers of people are posting intimate details about their lives 
online, despite warnings from privacy campaigners that photographs are 
extremely difficult to erase once uploaded to the internet.

The Information Commissioner's Office recently reiterated its warning 
[2] about the risk of posting details on social networking sites after a 
study found that the amount of information stored about us on the web 
will grow by a factor of ten between now and 2011.

In a statement acknowledging the security flaw, a Facebook spokesman 
said: "We take privacy very seriously and continue to make enhancements 
to the site.

In June last year, Facebook was forced [3] to update its privacy 
settings after it was revealed that certain information about users - 
such as their sexual preference and religious beliefs - could be 
ascertained by searching the site.

[1] http://ap.google.com/article/ALeqM5ijANq3fmx9AZNNrf7Q1PwCN1cKUAD8VK51UG1
[2] http://technology.timesonline.co.uk/tol/news/tech_and_web/article3529108.ece
[3] http://technology.timesonline.co.uk/tol/news/tech_and_web/article2005618.ece


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Mar 25 2008 - 22:20:39 PST