Facebook CEO Mark Zuckerberg Tuesday night became the latest victim of a targeted hack attack on the world's most popular social networking site when someone managed to access and post bogus status messages on his fan page.
Facebook quickly scrambled to change the Web addresses for his page but not before a hacker weighed in with his or her thoughts on how the nearly 600 million-member-strong social networking goliath should go about raising some more capital for its expansion.
"Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011," the hacked message said.
The bit.ly link in the post takes visitors to a Wikipedia page describing the various benefits of so-called "social business," a concept championed by the Bangladeshi economist in which companies use their cash and clout to help fight poverty. Within hours of its posting, the bogus message was "liked" by almost 2,000 Facebook visitors.
Regardless, this security breach couldn't have come at a more embarrassing time for Time magazine's recently anointed "Person of the Year" considering Facebook just this morning posted a blog entry titled "A Continued Commitment to Security" in which it paid homage to "Data Privacy Day" (Friday) and outlined a "number of complex systems that operate behind the scenes to keep you secure on Facebook" including remote logout and one-time passwords.
Facebook officials were not immediately available to comment on the security breach.
Zuckerberg is hardly the first celebrity, world leader or corporate chieftain to be victimized by a social media attack.
Back in January 2009, President Obama was among a group of 33 people who were targeted by a Twitter-based attack that resulted in hackers gaining access and posting erroneous tweets from victims' accounts.
More recently, hackers in September infiltrated the Twitter accounts of thousands of users including White House press secretary Robert Gibbs and Sarah Brown, the wife of the former British Prime Minister Gordon Brown.
Security software vendors and privacy advocates have been railing about the inherent security risks associated with social networking sites virtually since their inception.
Despite numerous security enhancements and policy changes, registered users on Twitter, Facebook and other popular, community-based websites continue to be plagued by identity theft, malware traps and garden-variety invasions of their privacy.
"Facebook users -- famous or not -- need to take better care of their social networking security," Graham Cluley, senior technology consultant at security software vendor Sophos, said in an email to InternetNews.com. "Mark Zuckerberg might be wanting to take a close look at his privacy and security settings after this embarrassing breach, and consider who is allowed to post on his behalf."
Cluley added that it's too early to speculate as to how the breach occurred.
"But however it happened, it's left egg on his face just when Facebook wants to reassure users that it takes security and privacy seriously," Cluley said. "Maybe Mr. Zuckerberg would be wise to get a refresher on computer security best practice."