Facebook noted on Tuesday that they closed a leak that enabled spammers to automatically post wall messages and personal messages to friends.
The hole in the system caught users by making them click on a link to one of the applications that had a bug to auto-post messages to random users. The apps which appeared to be sending people to a survey website were disabled on Monday, according to the company.
“Earlier this week, we discovered a bug that made it possible for an application to bypass our normal CSRF (cross-site request forgery) protections through a complicated series of steps. We quickly worked to resolve the issue and fixed it within hours of discovering it,” Facebook said in a statement. “For a short period of time before it was fixed, several applications that violated our policies were able to post content to people’s profiles if those people first clicked on a link to the application.”
Facebook users should always practice safe “netiquette” when finding suspicious-looking links, even if they come from loved ones.
AllFacebook called it “one of the fastest spreading scams we’ve seen on Facebook to date, and also one of the largest security glitches in the Facebook platform.”
The scam comes a mere few days after Facebook fixed a bug in its photo-uploading process which enabled spammers to post photos to people’s profiles that had not been approved in the first place.