M.J. Keith, a senior security analyst with security firm Alert Logic, has discovered a Facebook Web programming flaw that could allow hackers to alter profile pages or make restricted information public, according to an IDG News Service article in The New York Times.
The bug involves the way Facebook verifies that browsers connecting to the site are the ones they claim to be. Keith discovered that by deleting the "post_form_id" token he could change many settings on any Facebook account, such as making users' private information public, changing or reading profile information, and even adding new contact e-mail addresses.
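A minimal model of this class of flaw, added here as an illustration and not Facebook's code: it contrasts a token check that is skipped when "post_form_id" is absent with one that rejects the request. The HMAC-derived token, the key, the function names and the sample requests are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed values for illustration only.
SERVER_KEY = b"constructed-demo-key"
FIELD = "post_form_id"  # field name taken from the article


def issue_token(session_id: str) -> str:
    """Derive a per-session form token bound to the session identifier."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_fail_open(session_id: str, form: dict) -> bool:
    """Flawed pattern: the token is compared only when the field is present."""
    token = form.get(FIELD)
    if token is None:
        return True  # missing field skips the check entirely
    return hmac.compare_digest(token, issue_token(session_id))


def check_fail_closed(session_id: str, form: dict) -> bool:
    """Hardened pattern: a missing, empty or non-string token is a rejection."""
    token = form.get(FIELD)
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(token, issue_token(session_id))


def audit(session_id: str) -> dict:
    """Run both checks over constructed requests; values are (open, closed)."""
    good = issue_token(session_id)
    requests = {
        "valid token": {FIELD: good, "privacy": "public"},
        "wrong token": {FIELD: "0" * 64, "privacy": "public"},
        "empty token": {FIELD: "", "privacy": "public"},
        "token deleted": {"privacy": "public"},
    }
    return {
        name: (check_fail_open(session_id, form), check_fail_closed(session_id, form))
        for name, form in requests.items()
    }


if __name__ == "__main__":
    for name, (weak, strict) in audit("session-1234").items():
        print(f"{name:14} fail-open={weak!s:5} fail-closed={strict}")
```

A regression test for any state-changing endpoint should include the "token deleted" case alongside the wrong-token case, since the two exercise different branches of the check.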
Facebook claims it has fixed the bug and says it is not aware of any malicious activity involving it.
The company recently rolled out two new security features designed to protect users from phishers and other online scammers.