Today a facebook friend request was in my mail inbox. It was, well, from a friend. The click on ‘Confirm friend’ took me to facebook and as I wasn’t logged in, the login page was presented to me. To my surprise it was suggesting I log in with my friend’s email address, the one I was about to confirm!
Now that’s odd i thought, funny bug. Source reading revealed the confirm friend link does actually contain the requesting person’s email address in clear text and not as one might expect the much less exposing facebook id.
Now with the recipient being someone I’d like to be friends with this isn’t such a big deal, but still, dear facebook people, you should be a bit embarassed about such first semester student privacy glitch, and of course fix it asap.