
Major Facebook Security Loophole Makes Private Walls Accessible to Everyone

Privacy and Facebook are two words that you see in posts all too often. Today is another one of those days. I just discovered what I believe to be an unknown flaw in these settings, which allows any user to view a user’s private wall.

Here’s how:

Go to the wall of a person who currently does not allow you to view their wall. Once you’ve done this, scroll to the bottom of the page and select Report / Block this Person. You should see the Report and / or block window appear, as pictured below.

Facebook Privacy Flaw - Report / Block Screen


Put a check mark in the Report this person box. Now select Racist / Hate Speech in the Reason box. A new field labeled Abuse Location will appear. Select Wall. Once you’ve done this, you can click on the Use this link to report items on this profiles wall, and voila! You can now view the once unviewable Wall.

    Facebook Privacy Flaw - Wall Showing


Now like I said above, I believe this is an unknown flaw in Facebook’s Privacy Settings, and a pretty big one. Let’s get the word out to them, and get this issue resolved!

——————————————————————————-

UPDATE: Apparently this security issue doesn’t affect all Facebook profiles, as some people are reporting they are unable to view certain user walls and are receiving the message you see below.


18 Comments

  • Anonymous |

    Thanks Zane! And thanks for confirming it’s still working.

  • Christa Watson |

    Sigh, I used to love Facebook, but now it's just gotten so complicated. Instead of trying to restrict privacy settings, I just don't share anymore :/

  • Kyla |

    Looks like they got it fixed already – I got a “no items to report” message

  • John Jordan ✔ |

    As of 8:36pm EST it's still working for me. I wonder if this doesn't affect all privacy settings. Looking into it further now to see what else I can find.

  • Kyla |

    Did you guys just try it with friends who block you from their wall? I don't know any of my friends who do this, so I tried it with a couple people who unfriended me, didn't work on either.

  • John Jordan ✔ |

    @Kyla – I've tried it w/a number of people I don't know and am able to see the walls. I'm trying to figure out why a few people have reported the message box I posted in the update to the article. I'm able to see all walls so far.

  • Simon Axten |

    Hi John,

    I work for Facebook and thought I would clarify what's happening here.

    There's no privacy setting for who can see the Wall tab. The report dialog was showing individual posts set to Everyone for people who have a more restrictive overall “Posts by Me” default setting. Because the posts are set to Everyone, they're available through a search on Facebook, or on relevant community pages. While we don't believe there's any privacy bug here, we have decided to change the behavior so it's more consistent with the rest of the site. Now, if the reporter isn't part of the “Posts by Me” default group, he or she won't see these Everyone posts in the report dialog.

    If you have additional questions, you can contact us at press@facebook.com. Thanks.

    Simon Axten

  • John Jordan ✔ |

    Hi Simon,

    Thanks for the reply. Guess I'm a little confused. If you look in the second screenshot in my post, you can clearly see the user's Wall tab is not visible. However once selecting the report method I've shown that user's posts become visible. I've modified settings on a friend's account to reflect what you've said, (and even removed them as a friend to test this) but am still able to view all of their posts.

    Seems like a privacy issue to me.
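
The behaviour discussed in the comments above (a report dialog that lists posts the profile page withholds, and the changed behaviour Simon Axten describes) can be modelled as two views applying different visibility checks to the same data. This is an added example, not Facebook's code and not part of the original post or comments; the two audience levels, every function name, the assumed profile-page behaviour and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

EVERYONE, FRIENDS = "everyone", "friends"  # simplified audience levels (assumption)

@dataclass
class Profile:
    owner: str
    friends: set
    default_audience: str                      # models the "Posts by Me" default
    posts: list = field(default_factory=list)  # (text, audience) pairs

def allowed(profile, viewer, audience):
    """True if the viewer belongs to the given audience for this profile."""
    return viewer == profile.owner or audience == EVERYONE or viewer in profile.friends

def profile_wall(profile, viewer):
    # Assumed profile-page behaviour: no wall for viewers outside the default group.
    if not allowed(profile, viewer, profile.default_audience):
        return []
    return [t for t, aud in profile.posts if allowed(profile, viewer, aud)]

def report_dialog_before(profile, viewer):
    # Per-post check only: posts set to Everyone are listed for any reporter.
    return [t for t, aud in profile.posts if allowed(profile, viewer, aud)]

def report_dialog_after(profile, viewer):
    # Changed behaviour: the reporter must also be in the default group.
    if not allowed(profile, viewer, profile.default_audience):
        return []  # corresponds to the "no items to report" message
    return [t for t, aud in profile.posts if allowed(profile, viewer, aud)]

def inconsistencies(primary, secondary, profile, viewers):
    """(viewer, post) pairs a secondary view returns but the primary view withholds."""
    return [(v, t) for v in viewers
            for t in secondary(profile, v) if t not in primary(profile, v)]

# Constructed sample data: bob is a friend, stranger is not.
alice = Profile("alice", {"bob"}, FRIENDS,
                [("public note", EVERYONE), ("friends-only note", FRIENDS)])
VIEWERS = ["bob", "stranger"]

if __name__ == "__main__":
    print(inconsistencies(profile_wall, report_dialog_before, alice, VIEWERS))
    print(inconsistencies(profile_wall, report_dialog_after, alice, VIEWERS))
```

Run as a regression test over every secondary view of the same data (report dialogs, search, exports), the `inconsistencies` check flags any path that enforces only per-item settings and skips the container-level one.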
