Hackers launched an attack on Facebook's 200 million users on Thursday, successfully gathering passwords from some of them in the latest campaign to prey on members of the popular social networking site.
Facebook spokesman Barry Schnitt said on Thursday that the site was in the process of cleaning up damage from the attack.
The hackers got passwords through what is known as a phishing attack, breaking into accounts of some Facebook members, then sending e-mails to friends and urging them to click on links to fake websites.
He said that Facebook was blocking compromised accounts.
Schnitt declined to say how many accounts had been compromised.
[edited by: engine at 4:34 pm (utc) on May 15, 2009]
Msg#: 3914424 posted 4:14 pm on May 15, 2009 (gmt 0)
IMHO The title of this thread is a little bit misleading. Facebook hasn't been hacked at all. Some users have been daft enough to hand over their password to an untrusted site. It's hardly surprising, most big site have this happen. there's not much you can do to prevent it.
The title of the original news article "Hackers launch phishing attack on Facebook users" is more accurate and less sensationalist.
[edited by: mrMister at 4:15 pm (utc) on May 15, 2009]
Msg#: 3914424 posted 4:31 pm on May 15, 2009 (gmt 0)
mrMister, good point. However this is a little different then someone getting into e.g. my Amazon.com account due to the fact that I clicked on a phishing email. In that case I'm the only one who's really affected. It's a fundamental 'flaw' in the workings of Facebook that if one of my friends clicks on a phishing email then info in my account (which may contain enough info to help a criminal get into my bank account) is also compromised. So, to most people, what's the difference between Facebook getting hacked and a friend's Facebook account getting hacked?
Msg#: 3914424 posted 8:15 am on May 19, 2009 (gmt 0)
These people shouldn't click on links to fake websites
Well a big problem with Myspace and facebook is that they do not tell you the link your clicking on. I wished they would tell you what domain name you are going to instead of the myspace or facebook URL code junk.