A newly discovered security flaw on Facebook could allow a hacker to scrape a user’s public data, make them “like” pages and even delete their friends list. A college student in New York discovered the hole on Wednesday and despite notifying Facebook it still has not been fixed. The site is not checking code sent from users’ browsers to make sure they are the authorized account holders. It’s what’s known as a cross-site request forgery bug, and the fact they are ignoring the problem doesn’t bode well for them. Facebook has faced harsh criticism in recent weeks for its decision to force users to make some of their personal information public and their constantly changing privacy policies and tools. They need to get it together and fast! In the meantime, to protect yourself from a scammer attempting to exploit this bug, don’t click on links sent to you on Facebook by people you don’t know and if a link posted on your wall by a friend seems fishy, trust that instinct. Oh, and ignore any invite you get to try an app that promises to let you see who visits your profile. They are all fakes!