0

It may only have impacted a "small number of users" for a "short period of time" as a Facebook spokesperson put it, but by pushing out buggy code the social networking giant created a potentially huge privacy problem for those whose accounts it did touch upon.

Considering that Facebook has some 350 million users, that 'small number' could be really quite big when you think about it. Facebook itself is not revealing how many were hit earlier in the week when the buggy code push took place, but if it were just half of one percent of the userbase that's still 1.75 million people!

What was the nature of the privacy problem? According to the official Facebook statement regarding the incident "a bug caused some misrouting" and was diagnosed "moments after it began". Diagnosed, perhaps, but not resolved in moments of course. The bug was in the code that routes messages around the Facebook system, which is why some users were complaining of receiving hundreds of emails intended for others. This being, of course, the most private way of communicating with friends on Facebook by using direct email messages although it turned out not to be very private at all for "a small number of users" in that "short period of time" on Wednesday.

Fair play to Facebook for coming clean and admitting to the problem and its cause so quickly, and indeed for resolving it within a relatively speedy timeframe. However, while disclosure is good more disclosure is better. So how about letting us know how many Facebook accounts were actually hit by this, just to give an idea of the scale of privacy cock up that one small buggy code push can cause?

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.