Facebook inadvertently disclosed the birth dates of many of the 80m users who had opted against their personal details being published during a publicly accessible beta test of a new site design.
The security blunder was discovered at the weekend by Graham Cluley, a senior technology consultant at security firm Sophos, while he was having a look at Facebook's new design for profile pages.
While visiting the beta site, Cluley noticed that the dates of birth of some of his friends, who he knew had chosen to have their personal details hidden, were published on the site.
He said: "I was shocked to see people's full date of birth revealed, even though I knew they had their privacy set up correctly to supposedly hide the information."
"It's essential that users of social networks should have confidence that their privacy will be protected -- and it's especially important with information like your date of birth, which can be a golden nugget for a committed identity thief."
Facebook responded by patching the breach within hours of Cluley's discovery.
In a statement, Facebook said: "For a brief period of time, a small number of users were able to access a private beta of Facebook's new site design meant only for developers.
"During that time, some of those users had their birthdays revealed due to a bug."
Cluley said that while he did not consider the blunder a major data breach, it should serve as a warning to users.
He said: "My advice to Facebook users would be, even if your date of birth is set to be non-visible, change it to a made-up date in case this kind of blunder happens again.
"Facebook and other social networking websites need to be more careful about protecting their members' data, or risk losing users."
Facebook is planning to roll-out the new-look profile page to members this week.
Return to marketing news headlines
View Marketing News Archive