Facebook Hacked Again

A report on BBC’s technology program, Click, has exposed yet another security flaw in Facebook – one that could compromise users’ privacy. This particular hack involves using a Facebook application to steal a user’s personal information – and the information of all their friends – without the user’s knowledge.

The hack exposed by the BBC involves an application that, once added by an unsuspecting user, sends the hacker all that person’s personal details and those of their friends in a formatted list. The details sent include things like full name, hometown, date of birth, and employer. BBC reporter Spencer Kelly notes that while this information on its own isn’t enough to steal someone’s identity, it certainly would help.

It’s possible for a malicious Facebook application, like the one used in the news story, to masquerade as a game or a quiz. And unlike protecting yourself from phishing emails, it’s not simply good enough for you to “know better” yourself – if even one of your friends installs the app, your details get stolen too.

Despite the severity of this potential hack, stories like this one are old news in the realm of those who follow social network hacking trends.

For example, white hat hacker “theharmonyguy” wrote on his blog Social Hacking back in March about an app he submitted to social media instructor Lee Aase’s $100 hacking challenge. His app, once installed, would grab any available information from a private Facebook group. The app didn’t win the challenge, however, since it required action on the part of the user to be successful.

However, theharmonyguy points out that although Facebook has a Terms of Use that restricts applications from storing most user data, “there is not a practical way for Facebook to enforce or even completely audit this requirement.” And since these applications are third party code, they are essentially running on the honor system.

Facebook, especially, has been plagued by security lapses as of late, with the AP reporting news about a security exploit that exposed private photos on the site back in March. However, as one of our own commenters pointed out, this hack was known as early as February; it just took the AP’s coverage to bring attention to the matter.

Then there was a story in January about Facebook app Secret Crush that downloaded and installed spyware to your computer. However, it’s not just Facebook under the gun – back in November, TechCrunch reported on an OpenSocial hack, this one involving RockYou and Plaxo.

Reading these types of stories reminds us that our security on these networks is in the hands of unknown developers, not just the sites themselves – developers who may be more concerned with getting their apps completed and installed than they are with security.

Facebook’s response to this latest BBC story is that they have “an entire investigations team that watches the site and removes content and third-party applications that violate Facebook’s Terms of Use.” However, they advise users to “employ the same precautions while downloading software from Facebook applications that they use when downloading software on their desktop.”

In other words, your security is left to the tech-savviness of you and your friends. (Considering my years in I.T./end-user support, that’s a frightening concept. Many users aren’t smart, savvy, or careful when online.)

Even worse, if you do become a victim of an attack, good luck getting support from Facebook on dealing with it. As Lauren Cooney reports after her account was compromised to send out spam, she emailed the Facebook team several times, and spent the better part of an hour trying to track down a customer service number to no avail, noting “you would think that a company that collects that much data on their users would consider having a customer service number.” In the end, it was nine hours before she received an email response.

What this means for the average social networker is that we need to be very careful on these networks, and should not entirely rely on them to keep us safe. If there’s really a photo you don’t want certain people to see, maybe it’s best to keep it offline forever. We also need to be vigilant about the applications we install, on Facebook and elsewhere, and take the time to educate our friends to do the same.
