A security flaw in the popular social networking site Facebook’s notification systems has rendered the accounts of some users accessible without passwords.
The website Hackers News first exposed the flaw and demonstrated how it was possible to compromise Facebook accounts using a search string that exploits a system used by Facebook for letting users quickly log back in to their accounts.
Facebook lets users log in more conveniently by clicking links to status updates or other notifications from the site; the login details are embedded in the links themselves. Normally this is fairly safe, as the links are only sent to the account holders' email addresses, but poor security at a number of disposable email service providers has exposed these details online, enabling hackers to log in to other users' accounts.
Facebook have been pretty quick to act and have suspended this service pending a more permanent fix.
The BBC discusses this story further here.