Facebook has to stifle another attack on its information security, as the social network admitted to have inadvertently publicized some of the private messages of its users, which means that anyone could read them.
The social network said around 14 million people were affected by a security error that, for a period of nine days between 18 and 27 May, caused the profile publications to be established as public by default , allowing anyone to have access to that material.
“We recently found an error that suggested posting automatically when some people created their posts on Facebook. We have solved this problem and we inform all those affected and ask them to review the publications they made during that time” said Erin Egan, head of the office of information security, in a statement.
“To be clear, this error did not affect posts people have published before, and they can still choose who accesses their publications as they always have. We’d like to apologize for this mistake”. It is believed that the theft was due to the new features that Facebook was testing to allow users to share “highlights” in their profile that are configured for “public” visibility.
Unfortunately, the feature made all the new publications, not just the highlights, public. Facebook said it will notify all users that may have been affected by this information security error.
The mistake is another shameful blunder for Facebook, according to information security experts from the International Institute of Cyber Security, at a time when the business can hardly afford to throw more doubts about its ability to secure the personal data of its users.
Less than three months ago, Facebook was sent to combat the crisis that erupted after it was discovered that Cambridge Analytica researchers were able to steal profile information from millions of Facebook profiles through fake applications.
It was later revealed that the research group was far from being alone with its shady deals, and that around 200 applications would be suspended for violating computer security and Facebook terms of service.
“We didn’t take a sufficiently broad view of our responsibility, and that was a big mistake,” said CEO Mark Zuckerberg to the U.S. Congress.
“It was my mistake, and I’m sorry.”
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.