Update 2: The issue is reportedly resolved.
Update: Facebook is already fixing the issue. AllFacebook got a statement from the company saying:
"We have technical systems in place to prevent people’s names and photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended. We are already working on a fix and expect to remedy the situation shortly."
Original Article: You might recall a recent "leak" of Facebook account information that some guy shared in a torrent that turned out to be nothing but data that was already publicly available. Now there’s another story about a Facebook "leak" that gives out information – your name and profile picture.
This is, of course, publicly available data as well. The Register points to a report from Secfense Technologies about a "bug": if you go to Facebook and try to log in with any email address and any wrong password, the site shows you the profile picture and name that go with that email address, provided the address was used to create a Facebook account.
"The information leak can be exploited by social-engineering scammers, phishers, or anyone who has ever been curious about the person behind an anonymous email message," writes The Register’s Dan Goodin. "If the address belongs to any one of the 500 million active users on Facebook, the social-networking site will return the full name and picture associated with the account."
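To make the reported behaviour concrete, here is an added illustration (not Facebook's code and not taken from the reports cited) of a failed-login response that leaks the account owner's name and photo, next to one that personalises the response only for a device already associated with the account. The account data, function names and the device-cookie check are assumptions made for the example.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # sample value for this example only


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed sample account; not real data.
ACCOUNTS = {
    "alice@example.com": {
        "name": "Alice Example",
        "photo": "/photos/alice.jpg",
        "pw_hash": _hash("correct horse"),
        "known_devices": {"device-cookie-1"},
    },
}
GENERIC_FAILURE = {"ok": False, "error": "Incorrect email or password."}
_DUMMY_HASH = _hash("dummy")


def _password_ok(account, password):
    # Hash even for unknown addresses so response time does not reveal registration.
    expected = account["pw_hash"] if account else _DUMMY_HASH
    match = hmac.compare_digest(_hash(password), expected)
    return match and account is not None


def login_leaky(email, password, device_cookie=None):
    account = ACCOUNTS.get(email)
    if _password_ok(account, password):
        return {"ok": True, "name": account["name"]}
    response = dict(GENERIC_FAILURE)
    if account:  # the reported behaviour: any caller learns who owns the address
        response.update(name=account["name"], photo=account["photo"])
    return response


def login_hardened(email, password, device_cookie=None):
    account = ACCOUNTS.get(email)
    if _password_ok(account, password):
        return {"ok": True, "name": account["name"]}
    response = dict(GENERIC_FAILURE)
    # Show name and photo only to a device that has logged in to this account before.
    if account and device_cookie in account["known_devices"]:
        response.update(name=account["name"], photo=account["photo"])
    return response
```

With the hardened version, a wrong password for a registered address and for an unregistered one produce the same response unless the request comes from a known device.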
How exactly this information would be used to perpetrate an attack is less clear, given that the attacker would already have the email address. I guess they could add your name to the email, but much of the spam we already get does this anyway, and a lot of people already include their names in their email addresses.
In other cases, the issue could conceivably lead to a more personalized phishing attack, but I’m not sure how much it would increase the likelihood of such an attack being successful. It’s something worth being aware of, but I have a feeling this will be blown way out of proportion. If you’re that concerned about this, try Googling your email address and see if you don’t find a result with your name.
As for the profile picture, I don’t see how knowing what you look like can do much to make a spam attack more effective. Do you think this is a big deal? Keep in mind, this functionality has probably been in effect for quite some time.
According to InformationWeek, Facebook is investigating the issue, and it wouldn’t be surprising if it is changed, if only to ease concerns. The last thing the company needs right now is to get people riled up about privacy again. I can’t tell that the feature has much of a purpose anyway, so they can probably part with it.