Facebook security compromised?

Is it just me or is Facebook’s security not working as it should this morning? On logging in today the login screen presented me with another person’s login email (but not password) and seems to be doing this on a regular basis. What’s more, when logging in as myself I’m taken to the News feed page of another person entirely. I can see their notifications, and access their friend’s profiles (who are not friends of mine). Sometimes when I click on Profile to go to my profile page I’m taken to somebody else’s profile entirely (but in read only mode)

As I write this it seems to have started behaving itself. However there was definitely something wrong there for a while. I don’t know if it was with Facebook itself or some intermediate proxy issue (but then surely FB are setting no-cache on their pages?)

Nope, It logs me in ok, and shows my news feed, but when I click on the 1 notification it tells me I have it goes off to somebody elses notifications. Oops. Now I can access their inbox 🙁

I think somebody needs to page a Facebooker out of bed!

8 thoughts on “Facebook security compromised?

  1. I’m having the same problem. Having a mild panic attack at the moment.

  2. Hmm, looks like this is an issue with the IBM proxies caching Facebook pages it shouldn’t as the pages I’m taken to belong to other IBMers by the look of it. However I’m not seeing anything in the HTML of Facebook pages to tell the proxy not too. Seems to be a particular problem with generic URLs which don’t contain a unique identifier in the URL e.g. http://www.facebook.com/inbox

  3. Same happened to me many times, Adrian. I was kind of afraid that someone was hacking into my computer. Not such a good security, huh?

  4. I also had this, although, not on facebook, but on my own personal blog through the IBM proxies. – This is most likely not an issue with facebook, but with the proxies ignoring the cookies and proxy headers you send to identify requests.

    I didn’t open a ticket though… did anyone have this investigated?

    I noticed that it went away for me on my blog after doing a Ctrl-Shift-Reload in IE.

    YMMV

Leave a Reply