Report: Facebook patches flaw allowing password bypass

Social networking giant Facebook has patched a flaw that can potentially allow unauthorized users to access members' accounts, a tech site reported late Monday. Facebook disabled the vulnerability that involved links in emails sent out by the social network, according to a report on CNET. "(D)ue to some of these links being disclosed, we've turned the feature off until we can better ensure its security for users whose email contents are publicly visible. We are also securing the accounts of anyone who recently logged in through this flow," said Matt Jones, who works on the Facebook security team. The CNET report said the links could potentially log a user into a Facebook account without secondary authentication such as entering a password. Google has since disabled the links and no longer displays results from related search queries, it added. Jones said Facebook only sends these URLs to the e-mail address of the account owner for their ease of use and never make them publicly available. Even then, he said Facebook puts protection in place "to reduce the likelihood that anyone else could click through to the account." — LBG, GMA News