Facebook’s new API has been shown to have a major privacy hole that can allow users to view strangers public “events” which Facebook users have said they will attend, or even attended even if that person is not a “friend” of theirs on the social network.
The hole discovered by Ka-Ping Yee, a software engineer for the charitable arm of Google when using the new Graph API released last Friday. In some cases but not all allows the user to see the private details. Ka-Ping was so shocked when he found the hole that he didnt belive it himself to start until he carried out more tests and was able to see Facebook founder Mark Zuckerberg’s planned public events.
Yee suggests that the simplest way to prevent your name appearing in such lists is to put “not attending” against any event you are invited to. More information can be found on his blog here.