For all the credit Facebook has received for its privacy controls and user
safety, the site still falls prey to an unsettling number of security issues and
potential data breaches. Last month a botched code push accidentally revealed
private user email addresses, and before that Facebook accidentally sent private
messages to the wrong recipients. Today, security engineer Joey Tyson, AKA
theharmonyguy, has detailed a major security hole in Facebook Platform — one
that would allow a malicious website to silently access a user’s profile
information, photos, and in some cases, messages and wall posts, with no action
required on the user’s part.
