Matt Jones, a software engineer at Facebook Inc (NASDAQ:FB), has replied to a report published on Hacker News. The report was about loopholes in emails sent out by Facebook. It seems that anyone who found the content of these emails through Google searches could have accessed users' accounts without having to enter passwords.
The glitch involved emails about friend requests or friends commenting on statuses, which allow recipients to enter their Facebook accounts without authentication. The Hacker News report also said that Google users who had found the content of these emails also had access to the email addresses associated with the Facebook accounts.
Jones has replied that the Facebook security team has looked into the matter and that he is a part of the team. He explained that Facebook only sends such URLs to the email address of the account owner for their convenience, and that there is no intention of making them public. Nevertheless, the social network has put security in place in order to reduce the chances of anyone clicking through to the account.
He further explained that for the content of emails to be available on a search engine like Google, someone has to post the content online. For example, people who have their email addresses directed to email lists with online archives stand at a greater risk.
Jones concluded by saying that any user who runs into something like a security glitch with Facebook should feel free to disclose it responsibly through the company’s whitehat program. That would solve the issue.
Sophos’ Naked Security blog has also shed some light upon this glitch. It said that emails are not secure or private if they are not encrypted. That is why credit card information must not be divulged over emails. Facebook has terminated the practice, although temporarily.