Facebook users' dates of birth were revealed at some point in public beta tests of a profile redesign. According to the security firm Sophos, the information was visible to others, even if a member had requested it remain private.
"For a brief period of time, a small number of users were able to access a private beta of Facebook's new site design meant only for developers. During that time, some of those users had their birthdays revealed due to a bug," Facebook said in a statement.
The user data would be valuable for identity thieves, warned Graham Cluley, senior technology consultant at Sophos.
Cluley claimed in a web posting that Facebook told members to use a fake birth date going forward, which could violate Facebook's own policy.
In the online post, Cluley said, “Facebook requires you to provide your real birth date, but then failed to properly protect it. With Facebook's terms and conditions as they are at the moment, you need to decide whether you are prepared to deliberately violate them, or stop using the social networking website entirely.”
Facebook demurred, however. A Facebook spokesperson told SCMagazineUS.com that "Facebook has in no way suggested that users set up false birthday information."
According to the Facebook developer's blog, Facebook will start rolling out its new corrected design to users this week.