Facebook’s security woes: 600K accounts compromised per day
By Kara Reeder
November 2, 2011, 7:49 AM PDT
Takeaway: Kara Reeder reports on the latest security mishaps from the Facebook camp.
With more than 800 million active users, there’s no shortage of people looking for loopholes in the social network. The latest vulnerability has been discovered by Nathan Powers, who works for technology consultancy CDW. Powers has discovered a way for a user to send an executable file to another user who is not their friend. The risk, as Computerworld points out, is that “a hacker [could] send, for instance, a key logging program to another user in a kind of spear-phishing attack.”
Facebook’s Security Manager Ryan McGeehan is downplaying the flaw, noting that “an additional layer of social engineering” would be required for the scam to work.
Security issues are nothing new for Facebook. In fact, as msnbc.com reports, buried deep in a recent security announcement, Facebook revealed that 600,000 accounts are compromised every day. Of course, Facebook put a different spin on it, saying “only 0.06 percent of 1 billion logins per day are compromised.” Still, 600,000 a day is nothing to scoff at as hijacked Facebook accounts lay the foundation for a number of misbehaviors, including cyber bullying and scams designed to trick unsuspecting users into coughing up money.
Editor’s Note: Facebook has clarified what they mean by “compromised.” According to TechCrunch:
Facebook wants it known that these accounts weren’t hacked or compromised on Facebook itself, they are compromised off site, such as through phishing scams, for example.
Facebook blocks access to accounts when they have reason to believe someone other than the true owner is trying to access it. Here is Facebook’s original infographic (PDF), which includes the numbers cited (.06% of 1 billion logins per day).
I am astonished that Facebook down plays such a large number of compromised accounts. 600,000 accounts a day are compromised! I can’t even begin to wrap my head around that figure. Many of these users are not in the information technology field and most likely don’t have a healthy sense of skepticism when using a social networking site like Facebook. IF attackers are able to compromise user’s accounts, they can harvest useful information that user’s post on Facebook assuming their information is safe and secure. They need a password to access their profile so they assume no one else is able to access the profile without their knowledge. This is definitely not a safe assumption to make. The stat of 600,000 compromised accounts a day clearly prove that.
The discovery of the latest vulnerability of Facebook was made by Nathan Powers of CDW. The vulnerability makes it possible for an attacker to send an executable file to another user that they are not friends with. Programs like key loggers and bonnets could be sent in attempts at a spear fishing attack. This presents a major security risk for the end users of Facebook. Their personal information including passwords, pin numbers, web surfing activity, and bank account numbers to name a few could now be possible accessed remotely by another Facebook user. The victim would have no idea that this was happening until it was too late. The attacker could also make fraudulent entries on the victims Facebook profile and damage their reputation with friends, family and colleagues.
I myself am a Facebook user, but after reading this article I am going to have to think long and hard if continuing to do so is just too risky. It is wonderful that I am able to keep in touch with friends and family that live far away and see pictures of them; but is that really worth possibly exposing myself to an attacker looking to hack my account and cause havoc?