A widespread spam attack on Facebook has caused violent and pornographic images to be posted on some users’ profile pages, representing one of the worst security breaches in the website’s history and raising concerns about its vulnerability to hackers.
The company, which acknowledged the problem Monday, said it was working to shut down the accounts responsible for the attack.
The disturbing pictures surfaced as the company tries to quell concerns about user safety and privacy. Facebook is reportedly near a settlement with the Federal Trade Commission over complaints about the way it stores and shares user data.
Experts said that while this latest attack didn’t appear to compromise users’ data, it was a serious security breach.
“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms,” Facebook spokesman Andrew Noyes said in a statement. “Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.”
According to Facebook, users were somehow tricked into copying and pasting malicious code into their browser bars. Hackers then gained access to their profiles and could post whatever they wished, and any of the user’s Facebook friends could see the images.
Chester Wisniewski, a security researcher at Sophos, said similar schemes in the past have lured users in with promises of free or discounted products.
It was unclear Tuesday who was responsible. Groups of hackers have threatened to put out a virus to “take down Facebook” over their concerns with the way it handles user privacy.
Daimon Geopfert, a security expert for RSM McGladrey, said that this was one of the largest Facebook attacks he has seen. The scale and speed were “unprecedented,” he said.
Experts said it was easy to imagine another attack on the Facebook platform that would be more troubling: sending false messages to family and friends to lure them to malicious sites, where they might be tricked into revealing private information. They warned that hackers could use the template of this attack to launch copycat efforts.
Part of Facebook’s success has stemmed from its ability to get developers to create games and other applications that work seamlessly on the site’s platform. But giving such leeway to outside programmers means the site is also vulnerable to hackers, Wisniewski said.
Facebook could be doing more to stop these kinds of attacks, he said, such as checking the credentials of programmers who register with the site.
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.