Facebook fan blog hacks user profiles to reveal security hole
Tuesday, June 23, 2009
FBHive, a Facebook fan blog that debuted Monday, posted personal information from several famous users of the site to demonstrate a security flaw that Facebook has since repaired.
The bloggers at FBHive published data from the user profiles of Facebook founder and CEO Mark Zuckerberg, Digg founder Kevin Rose and others. In an update post on Tuesday, the blog revealed that FBHive ("two twenty-something guys who are avid fans of Facebook") had hacked the private profile information containing each user's networks, sex, birthday, hometown, siblings, parents and relationship status.
Security experts said personal information such as birthdates could be used to attempt to steal login and password information for email accounts or other social networking sites.
The exploit involved fooling the "Edit Information" section of a user profile into displaying another user's "Basic Information" page, which was the only section of the site the FBHive guys could access with their hack.
"By using the Tamper Data add-on for Firefox, we were able to change our profile ID number to that of Mark Zuckerberg, and voilà! His basic info appeared in our own profile," the blog reported.
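The flaw class described above, a server trusting a profile ID that the client can edit in transit, shown as an added example that is not Facebook's or FBHive's code: one handler that trusts the submitted ID next to one that binds the lookup to the logged-in session and records mismatches. All names, IDs, session tokens and profile data are constructed for illustration.

```python
# Constructed sample data: two accounts with private "Basic Information".
PROFILES = {
    1001: {"name": "alice", "birthday": "1985-02-11", "hometown": "Leeds"},
    1002: {"name": "bob", "birthday": "1979-07-30", "hometown": "Austin"},
}
SESSIONS = {"sess-alice": 1001, "sess-bob": 1002}  # session token -> user id


class Forbidden(Exception):
    """Raised when a request is not authorized."""


def edit_info_vulnerable(session_token, params):
    """Checks only that the caller is logged in, then trusts params['profile_id'].

    Any authenticated user who rewrites profile_id receives another
    user's record: authentication without authorization.
    """
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return PROFILES[int(params["profile_id"])]


def edit_info_hardened(session_token, params, audit_log):
    """Loads the profile owned by the session, never the one named by the client.

    A submitted profile_id that differs from the session's user is refused
    and appended to audit_log so the tampering attempt is visible to defenders.
    """
    viewer = SESSIONS.get(session_token)
    if viewer is None:
        raise Forbidden("not logged in")
    requested = params.get("profile_id")
    # Compare as strings so malformed (non-numeric) values are refused, not parsed.
    if requested is not None and str(requested) != str(viewer):
        audit_log.append(
            {"event": "profile_id_mismatch", "viewer": viewer, "requested": str(requested)}
        )
        raise Forbidden("profile_id does not belong to this session")
    return PROFILES[viewer]
```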
Last September, hackers were able to use the serial number of any Facebook user and a hack through Firefox browsers to access private photos on the site.
Facebook fixed that security flaw after being alerted by CNET News about the hack.
