Identity Theft News

Facebook fan blog hacks user profiles to reveal security hole

Tuesday, June 23, 2009

FBHive, a Facebook fan blog that debuted Monday, posted personal information from several famous users of the site to demonstrate a security flaw that Facebook has since repaired.

The bloggers at FBHive published data from the user profiles of Facebook founder and CEO, Mark Zuckerberg, Digg founder Kevin Rose and others. In an update post on Tuesday, the blog revealed that FBHive ("two twenty-something guys who are avid fans of Facebook") had hacked the private profile information containing the user's networks, sex, birthday, hometown, siblings, parents and relationship status.

Security experts said the personal information such as birthdates could be used to attempt to steal login and password information for email accounts or other social networking sites.

The exploit involved fooling the "Edit Information" section of a user profile to display another user's "Basic Information" page, which was the only section of the site the FBHive guys could access with their hack.

"By using the Tamper Data add-on for Firefox, we were able to change our profile ID number to that of Mark Zuckerberg, and voilà! His basic info appeared in our own profile," the blog reported.

Last September, hackers were able to use the serial number of any Facebook user and a hack through Firefox browsers to access private photos on the site.

Facebook fixed that security flaw after being alerted by CNET News about the hack.
ADNFCR-1765-ID-19232119-ADNFCR

Related News:

Threat of identity theft shows need for online security - 11.19.2009
As Americans live increasingly large portions of their lives on the internet, the possibilities and incentives for remote identity theft increase as well. A report in the New York Times advises caution, and gives tips for constructing an "online bulwark" to prevent theft and fraud.

Wi-Fi network security vulnerable to man-in-the-middle attacks on smart phones - 11.16.2009
Researchers last week revealed a weakness in mobile network security that could allow for so-called "man-in-the-middle" techniques to steal personal information from users of certain types of mobile phones.

FDIC warns banks of money transfer 'mules' duped by cybercriminals - 11.2.2009
In a new warning to banks about illicit electronic fund transfers, the Federal Deposit Insurance Corporation (FDIC) said last week that online bank account theft is rising using "money mules," unwitting job-seekers who are duped by cyber crooks into wiring funds from hacked bank accounts.

Obama addresses cybersecurity awareness in YouTube video - 10.21.2009
Online cyber attacks and identity theft have never been higher, a threat environment that challenges U.S. security every day. President Obama has designated October as National Cybersecurity Awareness Month, which he addressed in a web video last week.

Facebook application security hole exposes millions to hacking, researcher says - 10.19.2009
A security researcher is warning Facebook users about potential vulnerabilities in Facebook applications that could allow cross-site scripting (XSS) hacker attacks for hijacking user accounts.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now