Major Facebook Security Loophole Makes Private Walls Accessible to Everyone

July 23, 2010

Privacy and Facebook are two words that you see in posts all too often. Today is another one of those days. I just discovered what I believe to be an unknown flaw in these settings, which allows any user to view a user’s private wall.

Here’s how:

Go to the wall of a person who currently does not allow you to view their wall. Once you’ve done this, scroll to the bottom of the page and select Report / Block this Person. You should see the Report and / or block window appear, as pictured below.

Facebook Privacy Flaw - Report / Block Screen

Put a check mark in the Report this person box. Now select Racist / Hate Speech in the Reason box. A new field labeled Abuse Location will appear. Select Wall. Once you’ve done this, you can click on the Use this link to report items on this profiles wall, and voila! You can now view the once unviewable Wall.

Facebook Privacy Flaw - Wall Showing

Now like I said above, I believe this is an unknown flaw in Facebook’s Privacy Settings, and a pretty big one. Let’s get the word out to them, and get this issue resolved!

——————————————————————————-

UPDATE: Apparently this security issue doesn’t affect all Facebook profiles, as some people are reporting they are unable to view certain user walls, and are receiving the message you see below.

19 Comments

  • Christa Watson July 23, 2010 at 9:43 pm

    Sigh, I used to love Facebook, but now it's just gotten so complicated. Instead of trying to restrict privacy settings, I just don't share anymore :/

  • Zane DeFazio July 23, 2010 at 9:46 pm

    Sweet catch

  • Zane DeFazio July 23, 2010 at 9:46 pm

    Sweet catch John!

  • Eryck Dzotsi July 23, 2010 at 10:04 pm

    John this is awesome!!!!

  • Kyla July 23, 2010 at 11:07 pm

    looks like they got it fixed already – I got a “no items to report” message

  • Angelos July 24, 2010 at 12:07 am

    Still works for me.

  • John Jordan ✔ July 24, 2010 at 12:37 am

    As of 8:36pm EST it's still working for me. I wonder if this doesn't affect all privacy settings. Looking into it further now to see what else I can find.

  • Zane DeFazio July 24, 2010 at 1:07 am

    Actually tried this out as of 6:08 PST it works. John, again great find!

    • John Jordan ✔ July 24, 2010 at 1:22 am

      Thanks Zane! And thanks for confirming it's still working.

  • Kyla July 24, 2010 at 1:44 am

    did you guys just try it with friends who block you from their wall? I don't know any of my friends who do this, so I tried it with a couple people who unfriended me, didn't work on either.

    • John Jordan ✔ July 24, 2010 at 2:06 am

      @Kyla – I've tried it w/a number of people I don't know and am able to see the walls. I'm trying to figure out why a few people have reported the message box I posted in the update to the article. I'm able to see all walls so far.

  • SiL July 24, 2010 at 1:55 am

    sneaky sneaky!!

  • Simon Axten July 26, 2010 at 8:07 pm

    Hi John,

    I work for Facebook and thought I would clarify what's happening here.

    There's no privacy setting for who can see the Wall tab. The report dialog was showing individual posts set to Everyone for people who have a more restrictive overall “Posts by Me” default setting. Because the posts are set to Everyone, they're available through a search on Facebook, or on relevant community pages. While we don't believe there's any privacy bug here, we have decided to change the behavior so it's more consistent with the rest of the site. Now, if the reporter isn't part of the “Posts by Me” default group, he or she won't see these Everyone posts in the report dialog.

    If you have additional questions, you can contact us at press@facebook.com. Thanks.

    Simon Axten

    • John Jordan ✔ July 26, 2010 at 8:56 pm

      Hi Simon,

      Thanks for the reply. Guess I'm a little confused. If you look in the second screenshot in my post, you can clearly see the user's Wall tab is not visible. However, once selecting the report method I've shown, that user's posts become visible. I've modified settings on a friend's account to reflect what you've said (and even removed them as a friend to test this), but am still able to view all of their posts.

      Seems like a privacy issue to me.
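
A small model of the mismatch discussed in the exchange above, added here as an illustration and not Facebook's code: two read paths over the same posts, where only one applies the profile-level gate. The class names, the two-audience scheme and the sample profile are assumptions constructed for the example; `paths_disagree` is the kind of parity check that catches a secondary view showing more than the primary one.

```python
from dataclasses import dataclass, field

EVERYONE, FRIENDS = "everyone", "friends"  # audience labels assumed for this model

@dataclass
class Post:
    text: str
    audience: str  # per-post setting

@dataclass
class Profile:
    owner: str
    friends: set
    default_audience: str  # stands in for the "Posts by Me" default
    posts: list = field(default_factory=list)

def in_audience(profile, viewer, audience):
    """True if viewer belongs to the named audience of this profile."""
    if viewer == profile.owner or audience == EVERYONE:
        return True
    return audience == FRIENDS and viewer in profile.friends

def wall_view(profile, viewer):
    """Profile page: gated by the default group first, then per post."""
    if not in_audience(profile, viewer, profile.default_audience):
        return []
    return [p.text for p in profile.posts if in_audience(profile, viewer, p.audience)]

def report_dialog_before(profile, viewer):
    """Report dialog as described before the change: per-post check only."""
    return [p.text for p in profile.posts if in_audience(profile, viewer, p.audience)]

def report_dialog_after(profile, viewer):
    """Report dialog after the change: same decision as the wall."""
    return wall_view(profile, viewer)

def paths_disagree(profile, viewers, secondary):
    """Viewers for whom a secondary path shows posts that the wall hides."""
    return sorted(v for v in viewers
                  if set(secondary(profile, v)) - set(wall_view(profile, v)))

# Constructed sample data: one public post on a friends-only profile
alice = Profile("alice", {"bob"}, FRIENDS,
                [Post("public note", EVERYONE), Post("friends only", FRIENDS)])
VIEWERS = ["alice", "bob", "mallory"]
```
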

  • Brickell Locksmiths August 15, 2013 at 11:38 pm

    Did not know about this flaw. Only one way to find out if it is fixed.

  • Forever November 22, 2014 at 1:54 pm

    I’d venture that this article has saved me more time than any other.
