Last night a glitch in Facebook caused a limited number of users to have their Facebook inbox exposed to other users. While a Facebook rep is quoted as saying that their engineers have diagnosed the problem and are working on it, it begs the question of why such buggy code updates got through in the first place, as they violate users’ privacy.
The bug is said to only affect a small slice of early-adopter Facebook users who also attended Harvard University. Some users started receiving Facebook notifications in their regular email inboxes that were clearly not for them. At least one person received “hundreds” of notifications (as pictured in the image above, which was posted to Twitpic).
Now, it’s no secret that Facebook pushes out multiple changes regularly. Sure, bugs do occasionally slip through the cracks, but when they are of this nature, that’s not acceptable. Facebook likes to refer to its Engineering team, but as a veteran code developer myself, I wonder how much engineering QA (Quality Assurance) is being done on these changes. Code that works doesn’t suddenly not work if you have proper “test suites” in place.
In comparison with 400+ million users, the number of affected users is certainly small, but is this sort of bug acceptable in a production system, especially when privacy violations are at issue? If Facebook does publish its rumored Titan email client, will this be acceptable? Is Facebook, with only about 1,000 staff members, pushing too hard with regular changes and thus cutting corners? Where are the various Product Managers in the QA process? This isn’t the first time that Facebook has had inbox issues.
The worst part about this bug: at least a few users were locked out of their Facebook accounts while engineers look at the problem. Then again, not accessing Facebook is probably better than having your inbox exposed. See Alley Insider for more information about the Facebook bug.