Facebook quickly fixed a privacy leak in its new timeline after being alerted to the problem, according to a watchdog that follows the social-networking site closely.
Europe v. Facebook, an Austrian student organization that has filed complaints in Europe over Facebook's privacy practices, said it found the redesign allowed "friends of friends" to see all of the events a user attended even if the person's privacy settings only permitted their friends to see the events.
"Users were able to look through often times thousands of past events users were invited to, including demonstrations or gay parties," the group said in a media release.
The timeline changes also allowed someone to see batches of event activity under a heading called "events," according to Europe v. Facebook. Details of events attended can be deleted, but it must be done manually, which Europe v. Facebook said could take "hours."
After it was notified, Facebook fixed the problem within a couple of hours by getting rid of the "events" heading, Europe v. Facebook said.
Most users have not seen the new changes to the timeline because Facebook has not upgraded all users to it, Europe v. Facebook said. Facebook announced the changes last Wednesday, which it said would roll out to users over a few weeks.
Facebook officials could not be immediately reached on Sunday.
Europe v. Facebook filed 22 complaints with the Irish Data Protection Commissioner (DPC) in August and September 2011 related to Facebook's privacy and data handling practices.
Facebook committed to changing how it retains data and changed some privacy controls following a critical audit by the regulator released in December 2011. Europe v. Facebook, unsatisfied with the changes, has continued to press the DPC for more action.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.