Facebook error that hijacks thousands of websites isn't just an 'inconvenience'

The social network's tendrils reach further and deeper than companies and users may feel comfortable with

Thousands of major -- and not-so-major -- websites found their traffic redirected to a Facebook error page yesterday, a phenomenon that lasted upward of an hour, according to varying accounts. Although the social networking site dismissed the event as the result of a Facebook error that was "quickly repaired," it would be imprudent to blithely view the event as a glitch or mere inconvenience. It's downright concerning, both from a business and a privacy perspective.

First, here's what happened: Starting at around 4 p.m. Pacific time Thursday, users attempting to visit an array of disparate websites and services -- from CNN to The Sydney-Melboure Herald to Pinterest to Reddit to Hulu -- were redirected to Facebook and a message reading, "An error occurred. Please try again later." Sites were affected anywhere from 15 minutes to an hour, according to reports.

By Facebook's account, here's what happened:

For a short period of time, there was a bug that redirected people logging in with Facebook from third-party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual.

There you have it: something about Facebook users logging in to third-party sites being redirected. It was quickly resolved. Now let's go Like some memes.

Actually, not so fast. First, ponder the scope of the impact of this little error. Here's a list of just 35 companies, media outlets, and online services that were reportedly affected: ABC, BuzzFeed, Capital.fm, CNN, DailyMail, ESPN, Etsy, Fox News, Gawker, Geico, HBO, Hollywood.com, The Huffington Post, Hulu, InfoWorld, NFL, OKCupid, People, Pinterest, Reddit, Slate, Smallworlds, SwagBucks, The Sydney-Melbourne Herald, TED, The Los Angeles Times, The New Zealand Herald, The Washington Post, Vulture, Weather.com, WikiAnswers, WordPress, XOJane, Yahoo, and YugaTech.

That's a small sample, not to mention it wasn't just media outlets affected but also corporate websites and Web-based services. It's possible that thousands of websites were affected -- really any that have integrated Facebook Connect, the APIs that let users log in to third-party sites using their Facebook accounts.

Website owners should be concerned about this, knowing that their site traffic and associated revenue could be cut off at any moment due to a Facebook glitch that's entirely beyond the site owners' control to fix. Also, does this mean a sufficiently savvy hacker could devise a way to exploit Facebook Connect and redirect thousands of unsuspecting users to destinations other than Facebook, such as a malware page? Mark Zuckerberg and company will have to work overtime to convince site owners this was a one-time event.

Facebook users, too, might be a little concerned by the privacy implications here. Facebook's statement basically said that only end-users actively logging in to a third-party site were redirected to the Facebook error. That's deceptive. The reality is, people who had logged in to Facebook earlier in the day but hadn't bothered to actively log out of the site were affected. No, closing your browser does not log you out of Facebook.

When you log in to Facebook, the service commences tracking your movements on every website you visit that supports Facebook Connect. That's not just for sites that you've intentionally logged in to that day with your Facebook account, either. Also note that Facebook isn't necessarily just tracking which articles you Like, which images you Share, or which videos you Comment on; it can track all articles you read, all the images you look at, and all the videos you watch. That doesn't just include sites that have a Facebook Like button, either; some sites support Facebook Connect but give no overt sign of doing so. (Check out Business Insider's article from last September for more insight on how Facebook tracking works.)

The bottom line here: Facebook clearly isn't the secluded Internet sandbox some observers make it out to be. It not only tracks every move you make when you're using the service, it tracks you as you traverse much of the Internet if you don't take the necessary precautions. Just what does Facebook do with all that data anyway? The privacy implications are potentially creepier than that of Facebook's newly unveiled Graph Search.

This story, "Facebook error that hijacks thousands of websites isn't just an 'inconvenience'," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Copyright © 2013 IDG Communications, Inc.

InfoWorld Technology of the Year Awards 2023. Now open for entries!