Monday, September 7, 2009

Facebook - inadequate security...

On the 6th of July 2009 my Facebook profile was hacked. The hacker began contacting my friends using Wall posts and chat messages. The hacker, acting under the pretence that it was me, was claiming I had been mugged in London and was asking for money to be sent via Western Union.

The first sign I got that something was wrong was a standard email from Facebook asking that I confirm that I wished to change my contact email address. The address that was being changed to was the hacker's address. I naturally clicked the appropriate link stating that I had not initiated such an action and I was taken to a page where I was able to reset my password and log in to my Facebook profile. Once logged in, I saw open chat windows where friends had been contacted and were being asked to send money. I replied to some of these messages stating the profile had been hacked. I was then logged out of my profile by the hacker and I was unable to log back in as the hacker had successfully changed my email address to his/hers.

I contacted Facebook to bring this serious matter to their attention. I received no reply. A day later, I contacted Facebook once more and they eventually replied stating that they had received notification that my profile had been compromised and they had removed it for security reasons. I then heard nothing from Facebook for 5 days despite numerous attempts to contact them for an update to this serious breach in security. When I eventually got a reply from Facebook, they claimed that the hacker must have had access to my email account and they asked me to ensure I had control of my email account and change the password associated with my email account. They also asked me to select a new unique password for my Facebook profile. This, in my opinion, is an unacceptable response to a breach in security. The hacker did not have access to my email account and I never share my password with anyone. Facebook clearly do not know how the hackers and cybercriminals are gaining access to users' profiles. I have noticed that Facebook now only allows users to be logged in from one computer at a time whereas before, if the user did not press logout on a particular computer, they would remain logged in on that computer and on the next computer that they used. This again is not going to prevent the hackers and cybercriminals from accessing users' profiles and locking them out because the hacker can quite quickly and easily change the email address associated with the Facebook account from the user's email address to their own email address.

If you do not believe me, see other Internet articles below:
