An error in Hulu's integration with Facebook Connect allowed tens of users to access other people's accounts and view sensitive information about them.On July 1, Hulu began giving users the option to link their accounts with Facebook. To encourage this, the company offered adopters an one-month free Hulu Plus subscription.
However, users taking the company up on its offer and attempting to use Facebook Connect had the surprise of finding themselves logged in into other people's accounts.
This allowed them to see the names, home addresses and email addresses of those customers, as well as their preferences, history and devices linked with the account.
"
If I was a jerk, I could cancel his Hulu Plus account, turn off all his devices and change his email / password,"
wrote Mike Flacy of Audio Video Revolution referring to the owner of the account he found himself in.
"If I was a devious thief, I could slip my device onto his account and get some free Hulu Plus until he noticed," he added.
Other people reported a similar experiences on Twitter, prompting Hulu to suspend the login system and launch an investigation into the matter.
In a post on the company's blog, Richard Tom, Hulu's vice president of platform technology, revealed that the security breach was the result of a coding/configuration error.
"
We’ve been able to confirm approximately 50 affected users whose profile data, including email addresses, could have been accessed. But no one gained access to Hulu systems or highly sensitive user information such as passwords or credit card numbers," he
said.
As a precaution, Hulu set the privacy settings of all users who logged in through Facebook Connect during the affected period to the highest possible level. Facebook Connect has been removed as an authentication option until the company reviews and fixes its integration.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
