Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Bug Could Give Spammers Names, Photos

Posted by timothy on from the who-am-I-again? dept.

angry tapir writes with this excerpt from an IDG report: "Facebook is scrambling to fix a bug in its website that could be misused by spammers to harvest user names and photographs. It turns out that if someone enters the e-mail address of a Facebook user along with the wrong password, Facebook returns a special 'Please re-enter your password' page, which includes the Facebook photo and full name of the person associated with the address. A spammer with an e-mail list could write a script that enters the e-mail addresses into Facebook and then logs the real names. This could help make a phishing attack more realistic."

12 of 145 comments (clear)

  1. Not a Bug by FrozenTousen · · Score: 5, Funny

    It's a feature. Say you get amnesia and all you remember is your email address. Now, thanks to Facebook, you have a means of finding out your name, and what you look like!

    --
    I'm a popular stranger, I'm nobody famous, I'm a famous nobody.
    1. Re:Not a Bug by Anonymous Coward · · Score: 5, Funny

      It's a very serious bug. Spammers aren't _supposed_ to be able to scrape that information without paying facebook for it.

    2. Re:Not a Bug by by+(1706743) · · Score: 4, Funny

      It's a feature. Say you get amnesia and all you remember is your email address. Now, thanks to Facebook, you have a means of finding out your name, and what you look like!

      Imagine how much simpler the plot for The Bourne Identity would have been.

  2. From TFA by wideBlueSkies · · Score: 5, Funny

    >>Scraping Facebook for this type of information is prohibited, she added.

    Oh, yes. That'll stop em'. Stern warnings always do.

    --
    Huh?
    1. Re:From TFA by Monkeedude1212 · · Score: 2, Funny

      Strongly worded public letters deter most bots.

  3. Answer: some 22yo kid on a powertrip by e065c8515d206cb0e190 · · Score: 2, Funny

    Here comes Mark.

  4. Re:*Smack Face* by Anonymous Coward · · Score: 2, Funny

    Seriously? Who is freaking writing these web pages?

    Probably an ex-Slashcode developer.

  5. *does not affect deactivated accounts by Rooked_One · · Score: 2, Funny

    I deactivated my account log ago, and just checked - it doesn't say a word about who I am. Not sure if anyone else has tried this to actually see if it works.

  6. Re:This flaw is no longer available by Farmer+Tim · · Score: 4, Funny

    Slashdot: recent history for nerds, stuff that once mattered.

    --
    Blank until /. makes another boneheaded UI decision.
  7. Re:Scrambling, my ass... by Anonymous Coward · · Score: 2, Funny

    The site should go down for maintenance until they fix the issue, and only then brought back online.

    Good idea. I'm all for bringing it down. Think of how much more productive households, college campuses, and the workplace will be for networks not already blocking facebook access. The increase in productivity would cause a spike in the world economy and take us out of the recession :-)

  8. Re:Return vs. Fresh Login by AnAdventurer · · Score: 4, Funny

    Best line EVER: A spammer isn't going to have your cookies

    --
    6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
  9. Re:Need an adult by Matt+Perry · · Score: 2, Funny
    I know! He's just making money for the company hand over fist. Obviously he doesn't know anything about running a company.

    </sarcasm>

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.