

A Facebook “Bug” Revealed Personal E-mail Addresses - martey
http://gadgetwise.blogs.nytimes.com/2009/05/07/a-facebook-bug-revealed-personal-e-mail-addresses/

======
doosra
The problem feature "allows users to quickly find out whether people they know
are on Facebook and invite them to become a friend by uploading a .txt or .csv
file of email addresses."

Facebook would reveal alternate email addresses of a user if at least one
matched the .txt list. This bug was fixed.

The feature can still be used to validate email addresses, for example by
spammers. Further, many social networks display limited information about the
user, which can be useful demographic information to a spammer, if the email
address is known (guessed correctly).

This feature is very useful and is critical in quickly expanding one's social
network. Unfortunately, it seems it can be easily exploited. How would one
prevent misuse? Limiting the number of email addresses checked in the .txt
file may be one partial solution.

------
bdotdub
I posted this on the post, but does anyone else think he was looking for some
sort of 15 mins of fame?

Emailing the press with other peoples' email addresses without notifying
Facebook first seems like it was the wrong thing to do. I'm sure Facebook
would've liked to fix it before the press (and spammers) got to it.

Seems like he wanted to guarantee that his name would be in some newspapers

