Update 1: Facebook have now fixed this exploit, and have also asked that we remove the pictures of proof below. We’re going to comply with their request, but expect a follow-up story shortly on how we did it.
Update 2: Watch our video on just how we did it.
Facebook has long touted its privacy settings as highly customizable and secure, so that you can be more open and comfortable about sharing information with just the people you choose. But when you want protection for your identity, does it really work? And how would you feel if that information was accessible to anyone, anywhere, even if your account was COMPLETELY hidden?
FBHive, for our premiere feature article, is first to break this story.
In June 2007, The Register reported that Facebook Search could be utilized to sniff out private information. This is similar to what we have achieved, only our process is much simpler and more specific. With a simple hack, everything listed in a person’s “Basic Information” section can be viewed, no matter what their privacy settings are. This information includes networks, sex, birthday, hometown, siblings, parents, relationship status, interested in, looking for, political views and religious views.
We reported this bug to Facebook on June 7th, 2009, through multiple avenues, but it has received little attention. Hopefully this incites a little more action from them.
So I suppose you want proof, right? First up, Facebook Founder and CEO, Mark Zuckerberg:
According to Wikipedia he’s been happily married since October 2008. His Facebook profile only says he’s engaged.
If you still don’t believe us, feel free to leave a link to your Facebook profile in the comments and we will gladly tell you a little bit about yourself that you thought only your friends could see. (Edit: Since TechCrunch has now confirmed our exploit as real, we will no longer be offering further proof for individuals.)
We are not malicious hackers by any means, and our skills are far from advanced. We here at FBHive are fans of Facebook, but when a security hole as big as this is discovered and brought to their attention, it shouldn’t take 15 days to fix.
We can confirm that as of June 22, this hack is still working. In the next few days, we will be posting a follow-up article that details how we did it.