Facebook has withdrawn the recently introduced shortcut which allowed users to easily login to their pages. The shortcut was taken off as it exposed the email addresses of users potentially giving access to their accounts as well. The shortcut called auto-login let users to directly go to their pages by clicking on a web link sent to their email addresses. By clicking the link, users could skip going to Facebook.com and logging in. Some links required users to type their passwords while some links didn’t require this step.
Matt Jones, an engineer at Facebook mentioned in a discussion board that the company had offered this service for promoting ease of use and had not intended to make Web addresses publically available. Although the web addresses became publically available unlike the expectations of Facebook.
Facebook spokesman, Frederic Wolens said that several users had posted the shortcut links on the web, allowing them to be accessible by anyone who searches for it. These links could give any stranger direct access to the Facebook pages connected to the user and also their email addresses.
Facebook discontinued the shortcut as soon as it found that several users were posting these links on web pages. Why someone would post these shortcut links on web pages is something which is puzzling the Facebook team. Hacker News, a discussion forum, reported that over 1 million Facebook accounts were affected by this flaw in security. Facebook although has not confirmed this report.
TrendMicro, a private security company which offers safety tools for Facebook users said that Web address shortcuts were really dangerous as they could ultimately end up on the cyberspace. The company representative Tom Kellerman said that lots of hackers were targeting portals such as Facebook because of the ubiquitous trust and use of them. The news regarding the security loop hole came a week after Bogomil Shopov, a Bulgarian blogger, claimed that he had purchased 1.1 million Facebook usernames and email addresses for $5 from gigbucks.com.