This is how everything started: A friend forward me an email from a FB group not... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

nico-roddz on Nov 2, 2012 | parent | context | favorite | on: More than 1MM Facebook accounts exposed

This is how everything started:

A friend forward me an email from a FB group notification

Something like:

http://www.facebook.com/n/?groups%[id here]%2Fpermalink%[id here]%2F&mid=[id here]&bcode=[id here]-mjoi&n_m=[email adress here]

When I clicked the url I got automatically logged into my friend's account.

So is definitely a Facebook security issue.

Then I tried some google searches to see if I could find some urls containing the parameters:

bcode= &email= n_m= mid=

Not a big deal, really.

dhimes on Nov 2, 2012 | [–]

Thanks for catching this nico-- looks like it's been removed from Google.

nico-roddz on Nov 2, 2012 | | [–]

You're welcome!

cbjoe on Nov 2, 2012 | [–]

I suspect this was caused by Google software, most likely Chrome or Google Toolbar, sending these private URLs to Google to be indexed.

Matt_Cutts on Nov 2, 2012 | [–]

See elsewhere on this discussion where I debunked your theory.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact