Something that was supposed to be a shortcut for users of Facebook Inc(NASDAQ:FB) to log in to their pages did not really end up as expected. E-mail addresses were exposed and there were situations when a few accounts stood at risks of being potentially accessed.
A spokesman of Facebook said that the company had created the shortcut, called auto-login. It was intended to allow some users to access their pages directly by clicking on the link. The feature allowed them to access their accounts directly instead of logging in from Facebook.com.
The company revealed that some of the links required users to type their passwords while some others did not.
On a technology discussion board on Hacker News, an engineer from Facebook, Matt Jones said that the company has offered the service in order to make things easier for users. He said the feature was not made with the intention to make the e-mail address of users publicly available.
However, e-mail addresses did go public.
Frederic Wolens, the Facebook spokesman said that a few users may have posted links on the web, letting anyone to search up for them. Such links could allow a stranger to access the Facebook Pages that are associated with them. The e-mail addresses of respective users also get exposed in the process. Wolens said that he had no clarification as to why someone would post the links.
On finding out the loopholes, Facebook discontinued offering the feature.
The thread on Hacker News said that more than 1 million Facebook accounts have been affected with this feature. Facebook could not confirm the exact figure on Friday.
A private security company, TrendMicro that offers safety tools for people using Facebook, said that web address shortcuts were intrinsically dangerous since they could eventually wind up being on the Web.