Facebook message security breach

I have a message between two people who aren’t me (and aren’t known to me, don’t worry!) sat in both my Facebook Inbox and Sent Messages. The message was sent at 3:04 pm today, apparently.

This does not appear to be the problem mentioned in The Register recently, whose symptoms were that people would see whole pages belonging to other users. I can see my Inbox with messages people have sent to me, but I can see a message between these two people in it. I’ve sent them a message to ask whether they meant to message me, but right now, that looks unlikely.

A while back I wrote about some of the advantages of centralisation for keeping out spam and making new features available quickly. The downside, as livredor pointed out, is that Facebook is a single point of failure.

Could this happen with standard Internet email? Yes: I could mis-address the mail (less likely if I use an address book rather than typing an address by hand), or the recipient’s server could mis-deliver it (usually, if my outbound server hands my mail to the wrong remote server, the remote end will reject it). Are popular mail servers more reliable than Facebook? Almost certainly, I’d say. Lots of people are on Facebook, but I reckon the volume of Internet email is still orders of magnitude greater than that of Facebook messages. The email servers handling that volume are so reliable that I’ve never heard of a case of mis-delivered (as opposed to mis-addressed or lost) email. Google Groups doesn’t seem to have done so either, or at least, the evidence is uncertain. The Usenet postings I found talking about mis-delivered mail seemed to be explained by the little-known fact that Internet email is like a letter: there’s an envelope destination address used to deliver it, as well as the “Dear Fred” salutation you see in the To: header or Cc: header. I had a friend at university who used to send out party invites which looked as if they had been addressed to president@whitehouse.gov and god@heaven.org. Anyway…

Don’t send anything sensitive in Facebook messages, will you?

Edited to add: The message has gone again now. I’ve used the help form to tell Facebook about it, so we’ll see what they say.
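The envelope-versus-header distinction described above, as an added example that is not part of the original post: it compares the addresses a receiving server recorded at delivery time with the ones shown in To: and Cc:, which is the first check to make when mail looks mis-delivered. The sample message and the university.example addresses are constructed, and the trace headers used (Delivered-To, X-Original-To, Envelope-to, the "for" clause in Received) are only present when the receiving server chooses to add them.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a party invite whose visible To:/Cc: lines name
# other people, while the envelope recipient is the real invitee.
SAMPLE = """\
Return-Path: <friend@university.example>
Delivered-To: me@university.example
Received: from mail.university.example by mx.university.example
    for <me@university.example>; Mon, 1 Jan 2001 12:00:00 +0000
From: friend@university.example
To: president@whitehouse.gov
Cc: god@heaven.org
Subject: Party on Friday

Bring a bottle.
"""

# Headers some receiving servers add to record the envelope recipient.
TRACE_HEADERS = ("Delivered-To", "X-Original-To", "Envelope-to")
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)


def envelope_recipients(msg):
    """Addresses the mail system says it delivered to."""
    found = set()
    for name in TRACE_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            found.add(addr.lower())
    for received in msg.get_all("Received", []):
        found.update(a.lower() for a in FOR_CLAUSE.findall(received))
    return found


def header_recipients(msg):
    """Addresses the sender chose to display in To: and Cc:."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def explain_delivery(raw):
    """Split recipients into envelope, header, and envelope-only sets."""
    msg = message_from_string(raw)
    env, hdr = envelope_recipients(msg), header_recipients(msg)
    return {"envelope": env, "header": hdr, "envelope_only": env - hdr}


if __name__ == "__main__":
    for key, value in explain_delivery(SAMPLE).items():
        print(f"{key}: {sorted(value)}")
```

A non-empty `envelope_only` set means the message reached that mailbox because of its envelope address (a Bcc, a mailing list, or an invite like the one above), not because the server delivered it to the wrong person.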

2 Comments on "Facebook message security breach"


    1. By all means. I think I’ll email Facebook themselves, after I’ve removed the status message calling them a bunch of amateurs.
