It’s been a pretty rough few weeks for Facebook, at least from a PR standpoint. There’s been the barrage of complaints over the site’s privacy changes, not to mention a bug that could expose private Facebook IM conversations. Now, rubbing just a dash more salt into those wounds comes one more privacy hole.
Brace yourself: Facebook’s iPhone application ignored user privacy settings on the “Favorite Quotations” section. That’s right. Those cheesy movie quotes, emo song lyrics, and inside jokes that you have in your profile could be accessed through the official Facebook iPhone application by anyone, even if you’d restricted the visibility of that section.
We alerted Facebook to the glitch and they had a fix in place within a few hours. The odds of anyone freaking out about this are quite low. But it does raise the question: how exactly do bugs like this keep making it to production? The iPhone app, in particular, has had a handful of strange privacy glitches in the past, including one that ignored the privacy settings of user status updates.
Other recent Facebook security issues include multiple XSS holes discovered on Yelp, which could have exposed user data through Facebook’s controversial Instant Personalization feature.