Not intentionally, alas: a story topping Digg from an anonymous one-hit-wonder-blog called FacebookSecrets (an increasingly common tactic for spreading data around) shows that a part of Facebook’s source code was exposed to some users this weekend. The blog reposted all the code, which must surely have ruined Zuckerberg’s weekend. A server misconfiguration, not a hack, is being blamed. Facebook has since confirmed the issue.
Now we just need the ConnectU code to be exposed and we can close that case.
This does, however, raise serious questions about how secure Facebook may be. A code leak is a major, major problem for the site – the only thing that would generate more fear would be a hack that gained access to user data.
And that’s the huge risk: Facebook promotes itself as a place to connect to your “real” self. In fact, they delete any profile that doesn’t represent a real person (I was forced to change my profile name from “Mashable” to my own, for instance), pretty much guaranteeing that 100% of the data stored there is correct. They also prevent people from signing up with names that sound fake. An exposure of user data, therefore, is the identity thief’s dream.
These risks increase as Facebook and other social networks open up: Facebook apps have yet to be abused, but there’s the potential to do so.
My suggestion to Facebook: make a PR move like hiring a “security expert” or releasing a security mandate. Anything to stop non-technical journalists picking up on these issues and blowing them out of proportion, similar to MySpace’s pedophile stories.