Welcome to WebmasterWorld Guest from

Forum Moderators: not2easy

Message Too Old, No Replies

Email Spam Using Facebook Friends List

5:14 am on Sep 4, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 99

I just identified a new source of spam as definitively coming from Facebook tonight.

I have been getting several spams lately using names from my known contact lists, so I thought maybe one of my email accounts somewhere got hacked. However, tonight I got a couple of these spams that were using the married names of girls I went to high school with and the only place they could possibly have gotten those names was from my Facebook friends list. They are very specific names, the kind you don't just make up randomly like "Zelda Mathilda Hindenberger", and one spam had my daughters name in it as she uses it on Facebook, so the odds of this just being random chance are next to none.

All of these emails appear to be coming from free Yahoo mail accounts like "Zelda Mathilda Hindenberger <fakeemail1234@yahoo.com>", but the real question IMO is how the heck did they get my Facebook friends list and associate it to my email address?

I only have a handful of FB games and I think they're all Zynga except maybe one of them.

Bottom line is someone that I've allowed access to my Facebook data appears to either have been breached or is the breach themselves.

Not sure if it's even worth the time to report it to FB or not.


The only reason I posted this on the FB marketing forum is because besides being a FB topic, if someone is breaching Facebook friends lists and spamming people it could definitely have a negative impact on FB marketing IMO so it's a possible hot topic.
8:12 am on Sept 4, 2012 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
votes: 132

Could it have been this?
Facebook Says 'Misconfiguration' Allowed Spammers To Impersonate Users [forbes.com]

Email spammers are using data fraudulently obtained from Facebook to pose as users' friends and family, and trick them into clicking dangerous links.

In a statement released exclusively to Forbes on Wednesday, Facebook reported that the company has "discovered a single isolated campaign that was using compromised email accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site."

"We have since enhanced our scraping protections to protect against this and other similar attacks, and will continue to investigate this case further," the company said. "To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information."
8:26 am on Sept 4, 2012 (gmt 0)

New User

joined:Sept 1, 2012
votes: 0

Email Spamming is increasing, and I think you should promptly report it to FB before it gets worst. Even I had met an incident when some one used name of a college mate of mine and posted some nuisance on my wall and message box, luckily the friend came to know that and informed us about the same. so I suggest you to immediately refer this to FB officials.
10:23 am on Sept 4, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 16, 2002
votes: 0

I also have received SPAM emails over the last week from a FB friend.

Every time time you agree to an app on FB you give the app 100% access to all your information. I never allow app requests & never will until FB changes their policies.

My wife uses FB for games. She convinced me to allow her to buy points for 1 of the games & I used our debit card with a US Bank for the small purchase. About a month later small charges started appearing on my account & a week later large charges.

I blocked the card & the bank refunded all charges however be AWARE. FB is not secure.
1:55 pm on Sept 4, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 4, 2001
votes: 38

Also remember that when your facebooks friends allow an app or use their facebook login to log onto another site, they are giving permission to these apps to access their friends' information, something most people don't realize. You can block this in your privacy settings.

12:36 pm on Sept 5, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 16, 2002
votes: 0

I just received one with my wife's married name on it which she only uses in FB. Ha, ha.

Indicates to me that this problem has not been solved by FB.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members