The TV show “Mr. Robot” received a lot of praise from its tech-savvy audience after the USA Network drama about a group of anti-establishment hackers debuted last year.
About to return for its second season on 13 June, the marketing folks at USA have come up with some clever promotions to build anticipation and attract attention, including a website that allows you to “join FSociety,” the fictional hacktivist group featured in the show.
Ironically, a real-life hacker discovered last week that the Mr. Robot website had a serious security vulnerability that a malicious hacker could have exploited to steal Facebook profile information.
When you visit the site – whoismrrobot.com – you have the option to play a game that requires you to sign in using your Facebook profile, and that means handing over your profile data including including name, email address, profile picture, age range, gender, language, country and more.
The hacker who discovered the flaw, who goes by the moniker Zemnmez, sought out the show’s creators on Twitter on Monday (9 May), the day the Mr. Robot website launched.
Fortunately, Zmenmez was able to get in touch with Sam Esmail, the writer and creator of Mr. Robot, and the flaw was fixed within a day – hopefully, before anyone with malicious intent discovered the bug.
This episode might be a bit embarrassing for USA Network and Mr. Robot.
But it’s a powerful reminder that even people who should know better can sometimes make mistakes that put our data at risk.
It also raises an important point about what could happen when a website asks for access to your Facebook profile.
Are you willing to trade your privacy to play a game that you’ve never seen before and aren’t likely to play again?
Image of FSociety courtesy of USA Network.