Last night, hackers attacked Mark Zuckerberg’s fan page on Facebook’s own website, took over the page and posted the following message, pretending to be him: “Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way?”
“Why not transform Facebook into a ‘social business’ the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011.”
Although the message was swiftly removed, technology website TechCrunch said it had captured a screenshot of the message, which had already attracted 1803 likes and 438 comments. The company has refused to comment on the security breach.
“Facebook users – famous or not – need to take better care of their social networking security,” said Graham Cluley, senior technology consultant at internet security company Sophos.
A survey conducted by Sophos this month, which asked more than 1200 computer users which social network they felt posed the biggest security risk, found that 82 per cent of respondents ranked Facebook ahead of its peers.
“One thing is certain, and is unlikely to be news that’s welcomed at Facebook HQ. There is a growing perception out there that Facebook isn’t the safest of places to be,” wrote Graham Cluley in a recent blog post.
Some of the key threats recently highlighted by Sophos are rogue applications or survey scams that appear to come from users’ own Facebook friends, who have been tricked into clicking on an interesting-looking news headline or YouTube video.
After that, the applications duplicate themselves to everyone in the user’s friends list. They then direct those friends to click through to a website or survey, or to inadvertently download malware.
“Mark Zuckerberg might be wanting to take a close look at his privacy and security settings after this embarrassing breach. It’s not clear if he was careless with his password, was phished, or sat down in a Starbucks and got sidejacked while using an unencrypted wireless network.”
“But however it happened, it’s left egg on his face just when Facebook wants to reassure users that it takes security and privacy seriously. Maybe Mr Zuckerberg would be wise to get a refresher on computer security best practice.”
Paul Ducklin, head of technology for Sophos Asia Pacific, said fan pages such as Zuckerberg’s often granted a large number of company staff the ability to log in.
“Even if everybody with access to the page is straight-as-a-die honest, they could be keylogged, accidentally leave the page logged in, and all sorts of other things could go horribly wrong. The chain is only as strong as the weakest link,” he said.
“Facebook does like to be compared to a country, but the flip side of that is how you actually provide for your citizens in terms of things like a bill of rights or a police service.
“If they set higher standards – for example requiring application developers to identify themselves in a way that is likely to be traceable – that would be slightly less convenient and less open but would be a hell of a lot better for its 500-million-strong community,” said Ducklin.
The attack on Zuckerberg’s page comes just days after French President Nicolas Sarkozy’s Facebook account was also targeted.
It also comes a week after Facebook disabled a new feature that allowed third-party companies access to people’s personal contact details, following negative user feedback and warnings from security experts. [via TechCrunch and SMH (AU)]