By Robert McMillan  –  May 21, 2010 08:21 PM ET

IDG News Service – Facebook has fixed a flaw that let hackers delete Facebook friends without permission.

The flaw was reported Wednesday by Steven Abbagnaro, a student at Marist College in Poughkeepsie, New York. It was patched Friday afternoon, Pacific time, after the IDG News Service notified Facebook of the issue.

The bug was a variation of an earlier vulnerability that Facebook learned about last week, which affected a range of features on the Web site. Hackers could have leveraged Abbagnaro’s bug to delete all of a victim’s contacts, one by one, but it does not appear that anyone ever exploited it in a malicious way.

For Abbagnaro’s attack to work, however, a user would have to have been tricked into clicking on a malicious Web link while still logged into Facebook.

For more  visit Robert McMillan at Computerworld.com