Facebook has fixed a bug in the site’s password reset feature that could have been exploited to expose passwords of a small number of users who also use Hotmail. "We can access password of any facebook user who uses hotmail email address as their facebook account," a Turkish security researcher wrote in an e-mail to CNET the weekend of April 9 and 10. "If you have any hotmail account and if it is used as facebook account, we can change and send you your new password:)." A Facebook spokesman released a statement April 11 confirming the bug and saying it had been fixed. "We were notified of this vulnerability by a Turkish security researcher via our white hat queue, and we worked to quickly resolve the problem," the statement said. Source: http://news.cnet.com/8301-27080_3-20052926-245.html