starlady: the DW logo in red against a blurred background (dreamwidth)
[personal profile] starlady
There are multiple reports out that LiveJournal's latest code push has created a bug wherein users can, at random, view and edit other users' entries. [site community profile] dw_maintenance has information as to its possible cause.

[personal profile] boundbooks has the actual quote from the first post about this, which was on…Journal Fen.

So, what's all the hub-bub about? Well, as you may have noticed as a Livejournal user, the hover menu on a user's ID has changed significantly and certain browser add-ons like LJ Login no longer work. What you might not know is that there is now a random, but rampant privacy breech on the site. Several users are able to see the f-locked and the private entries of other users/communities even if they are not friended by or they are banned from that particular user/community. Not only that, but several users have been taken to another user's entries when they try edit their own. The same mix-up in redirects goes for the redirect to edit profiles, edit journal information/settings, managing userpics, and even checking your message inbox. To put it simply: certain users have complete access to another user's account.

Whether or not people will exploit this fact remains to be seen and the Livejournal staff has yet to comment on the issue.
There's been no comment from LJ either way; [personal profile] eruthros has links to actual bug reports. People have started reporting that they're no longer getting the bug as of my writing this, but unless LJ says something officially, there'll be no way to know whether it's actually stopped.

As [personal profile] boundbooks says,
I'm really not sure what more can be said in response to a massive privacy breech on LJ as a result of a change not reported to users, while Dreamwidth has reported what is likely that LJ code-change to DW users in a timely manner, in order to explain a minor bug on Dreamwidth.

I'm probably going to discontinue crossposting of everything but translations to my LJ. In the meantime, [site community profile] dw_codesharing has lots of Dreamwidth invite codes.
Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.