Facebook has fixed a bug in the site's password reset feature that could have been exploited to expose passwords of a small number of users who also use Hotmail.

"We can access password of any facebook user who uses hotmail email address as their facebook account," Turkish security researcher Serkan Gencel, wrote in an e-mail to CNET this weekend. "If you have any hotmail account and if it is used as facebook account, we can change and send you your new password:)."

A Facebook spokesman released a statement today confirming the bug and saying it had been fixed.

"We were notified of this vulnerability by a Turkish security researcher via our white hat queue, and we worked to quickly resolve the problem," the statement said.

More: http://news.cnet.com/8301-27080_3-20052926-245.html