AT&T Flaw Lets Facebook Users See Accounts

A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and ended up viewing a stranger's account, with full access to loads of private information.

The glitch at AT&T was the result of a wireless carrier routing problem. AT&T revealed a little-known security flaw with far-reaching implications for everyone on the Internet, not just Facebook users.

Basically, the Internet lost track of who was who, putting the women into the wrong accounts. At this time, it doesn’t appear the users could have done anything to prevent it. Many security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It’s not clear at this time whether incidents like this are rare or simply go unreported. However, experts say such flaws could occur on e-mail services, and that something similar could happen on a PC, not just a phone.

“The fact that it did happen is proof that it could potentially happen again and with something a lot more important than Facebook,” said Nathan Hamiel, founder of Hexagon Security Group.

Candace Sawyer, 26, says she immediately suspected something was wrong when she tried to visit her Facebook page Saturday morning.

After typing Facebook.com into her Nokia smart phone, she was taken into the site without being asked for her user name or password. She was in an account that didn’t look like hers. She had fewer friend requests than she remembered. Then she found a picture of the page’s owner. 

“He’s white – I’m not,” she said with a laugh. 

Sawyer logged off and asked her sister, Mari, 31, her partner in a dessert catering company, and their mother, Fran, 57, to see whether they had the same problem on their phones. 

Mari landed inside another woman’s page. 

Fran’s phone – which had never been used to access Facebook before – took her inside yet another stranger’s page, one belonging to a young woman from Indiana. They sent an e-mail to one of their own accounts to prove it. 

They were dumbfounded. 

“I thought it was the phone – ‘Maybe this phone is just weird and does magical, horrible things and I have to get rid of it,’” said Candace Sawyer.

The women, who live together in East Point, Ga., outside Atlanta, had recently upgraded to the same model of phone and all used the same carrier, AT&T. 

Sawyer contacted The Associated Press after reporting the problem to Facebook and AT&T. 

The problem wasn’t in the phones. It was a flaw in the infrastructure connecting the phones to the Internet, which illuminates a grave problem. 

Generally, Web sites and computers can be compromised from within: a hacker can get a Web page or a computer to run programming code that it shouldn’t. But in this case, it was a security gap between the phone and the Web site that exposed strangers’ Facebook pages to the Sawyers. Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers’ phones to Facebook and back.

AT&T spokesman Michael Coe said its wireless customers have landed in the wrong Facebook pages in “a limited number of instances” and that a network problem behind those episodes is being fixed. 

Facebook declined to comment and referred questions to AT&T. 

It’s unclear how many people were affected by the problem the Sawyers discovered, and whether it was limited to Facebook. 

The AP tried to contact two of the people whose Facebook pages were exposed to the Sawyers, but the calls and e-mails were not returned. It’s unclear whether they are also AT&T customers, though security experts said that’s likely the case. 

Indeed, it was the case in a similar incident in November. 

Stephen Simburg, 25, who works in marketing, was home for Thanksgiving in Vancouver, Wash., when he logged onto Facebook from his cell phone. He didn’t recognize the people who had written him messages. 

“I thought I had gotten really popular all of a sudden, or something was wrong,” he said. Then he saw the picture of the account owner: A young woman. 

He got her e-mail address from the site, logged off and wrote the woman a message. He asked whether he had met her at some point and she had borrowed his phone to check her Facebook account. 

“No,” she wrote back, “but I was just telling my family that I ended up in your profile!” 

Simburg and the woman figured out they were both using AT&T to access Facebook on their phones. (AT&T had no comment because the incident wasn’t reported to the company.) 

“I felt like I had been let down by the phone company and by Facebook,” he said. 

He says he has put the incident behind him. But one piece of it remains: He and the young woman are now Facebook friends.

courtesy: The Associated Press 
