AP Exclusive: Alarming network glitch makes the Internet lose track of who is who on Facebook
SAN FRANCISCO (AP) — A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information.
In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information — from mundane data to dark secrets — can go awry.
The women, who live together in East Point, Ga., outside Atlanta, had recently upgraded to the same model of phone and all used the same carrier, AT&T.
Sawyer contacted The Associated Press after reporting the problem to Facebook and AT&T.
The problem wasn’t in the phones. It was a flaw in the infrastructure connecting the phones to the Internet.
That illuminates a grave problem.
Generally Web sites and computers are compromised from within. A hacker can get a Web page or computers to run programming code that they shouldn’t. But in this case, it was a security gap between the phone and the Web site that exposed strangers’ Facebook pages to the Sawyers. Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers’ phones to Facebook and back.
Fortunately, Hamiel said, the vulnerability would be of limited use to a hacker interested in pulling off widespread mayhem, because this hole would let him access only one account at a time. To do more damage the criminal would have to pull off the unlikely feat of gaining full control of the piece of equipment that routes Internet traffic to individual users.
AT&T spokesman Michael Coe said its wireless customers have landed in the wrong Facebook pages in “a limited number of instances” and that a network problem behind those episodes is being fixed.
The Sawyers experienced a different glitch. Coe said an investigation points to a “misdirected cookie.” A cookie is a file some Web sites place on computers to store identifying information — including the user name that Facebook members would enter to access their pages. Coe said technicians couldn’t figure out how the cookie had been routed to the wrong phone, leading it into the wrong Facebook account.
He also said AT&T could confirm only that the problem occurred on one of the Sawyers’ phones, possibly because they had logged off Facebook on the other two before reporting the incident.