CNN Mon August 19, 2013
"A Palestinian researcher posted a message on Facebook CEO Mark Zuckerberg's page last week after he says the site's security team didn't take his warnings about a security flaw seriously."
Apparently letting Facebook know about a vulnerability was not enough to prove it, so the hole in question was tested and proven on Zuckerberg's own Facebook profile. For a company that holds profiles and personal information for a massive number of people (myself included), I find it even more disturbing that evidently the researcher had tried other ways to warn Facebook of the vulnerability only to have the warning dismissed.
Security holes happen, and many companies have paid a dear price for them, but in this case the hacker was not trying to steal information, only to inform the company before someone less savory did. Facebook needs to seriously question its methods and means of keeping secure, as well as how it treats reports of potential breaches.
Shame on you, Facebook, you really dropped the ball on this one. I am just glad it was someone with honest intent who discovered it, and I hope that he is the only one who has found it!