Facebook took time today to make a big announcement about iPhone coupons and new mobile sign-in partnerships. Then it quietly admitted it will take "months" to protect your Facebook account from being hijacked at Starbucks and other cafés. Great.
Amid all the hoopla over Facebook's iPhone press event, a spokesperson for the social network acknowledged to Forbes.com's Kashmir Hill that the company is aware of a recently-released tool that makes it super easy to hijack Facebook accounts on open wireless networks like Starbucks', but won't be fixing the problem any time soon.
"We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months," the spokesperson said. "We advise people to use caution when sending or receiving information over unsecured Wi-Fi networks." Of course, using an "unsecured" Wi-Fi network would be perfectly harmless if sites like Facebook transmitted people's login secrets via encrypted connections like they were supposed to.
In the meantime, you can expect people to keep pulling stunts like this one, where a blogger collected login credentials for 20-40 Facebook accounts by sitting in a New York Starbucks for half an hour with his laptop open. He eventually sent 20 of the victims warning messages from their own accounts. Facebook will probably realize the importance of this security vulnerability once one of the national news networks tries a similar prank; for now the company clearly has priorities other than safeguarding its users, like tasting some of that sweet, sweet iPhone money.
[Photos via Getty]