Hacker News new | ask | show | jobs
by nico-roddz 4974 days ago
This is how everything started:

A friend forward me an email from a FB group notification

Something like:

http://www.facebook.com/n/?groups%[id here]%2Fpermalink%[id here]%2F&mid=[id here]&bcode=[id here]-mjoi&n_m=[email adress here]

When I clicked the url I got automatically logged into my friend's account.

So is definitely a Facebook security issue.

Then I tried some google searches to see if I could find some urls containing the parameters:

bcode= &email= n_m= mid=

Not a big deal, really.
2 comments
dhimes 4974 days ago
Thanks for catching this nico-- looks like it's been removed from Google.
link
nico-roddz 4974 days ago
You're welcome!
link
cbjoe 4974 days ago
I suspect this was caused by Google software, most likely Chrome or Google Toolbar, sending these private URLs to Google to be indexed.
link
Matt_Cutts 4974 days ago
See elsewhere on this discussion where I debunked your theory.
link