There is a story floating around where a limited number of AT&T users were directed into the Facebook accounts of someone else. Personally, I think the headline is more sensationalistic than anything – “scary web error” – come on now.
This appears to be a misconfiguration of a proxy forwarder on AT&T's part, in which session cookies from Facebook were sent to the wrong browsers. Since Facebook (like most social networking sites) uses a non-encrypted session, an intermediary proxy can see the cookies in transit, so it is technically possible for this to happen.
Here is the thing that gets me. What sort of “sensitive private data” does anyone really have stored in Facebook?
- You have your name and address? You can get that from whitepages.com or Google phonebook or any phonebook.
- You have a list of your friends and their names and addresses? See above.
- You have your mobile number? Big deal – really. We typically give out our mobile number like our home phones now.
- Your birthdate and school information? That can be found easily too.
- Your inbox of comments from your post about your breakfast? Big deal.
- Your FarmTown account? Right.
My point is: how is this a sensitive data breach? I really hope most people are not foolish enough to conduct sensitive business through Facebook’s messaging system.
It would help if Facebook switched to an SSL session like Gmail – but even then I still ask: what sensitive private data?
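The two conditions mentioned above (a session cookie crossing a proxy over plain HTTP, and the switch to an SSL session) can be checked from response headers. The following Python sketch is an added example, not code from Facebook or AT&T; the function names and the sample responses are constructed for illustration.

```python
# Added illustration; function names and sample responses are constructed.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    cookies = [parse_set_cookie(v) for k, v in headers if k.lower() == "set-cookie"]
    if not cookies:
        return findings
    cache_control = ",".join(v for k, v in headers if k.lower() == "cache-control")
    directives = {d.strip().split("=", 1)[0].lower()
                  for d in cache_control.split(",") if d.strip()}
    # Only these directives stop a shared cache from reusing the response
    # for another user without revalidation.
    if not directives & {"private", "no-store", "no-cache"}:
        findings.append("response with Set-Cookie may be stored and reused by a shared proxy cache")
    for name, attrs in cookies:
        if scheme != "https":
            findings.append(f"{name}: sent over plain HTTP, readable by any proxy on the path")
        elif "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, browser will also send it over HTTP")
    return findings

# Constructed sample responses: plain HTTP, TLS without Secure, hardened.
PLAIN = ("http", [("Content-Type", "text/html"),
                  ("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
WEAK_TLS = ("https", [("Cache-Control", "private"),
                      ("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
HARDENED = ("https", [("Cache-Control", "private, no-store"),
                      ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure")])

if __name__ == "__main__":
    for label, (scheme, headers) in [("plain", PLAIN), ("weak", WEAK_TLS),
                                     ("hardened", HARDENED)]:
        print(label, audit_response(scheme, headers))
```
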