Pages

Sunday, January 30, 2011

Facebook blames bug for Zuckerberg 'hacking'

Mark Zuckerberg It is unclear how the' hack' occurred
Continue reading the main story
Facebook has said "a bug" was to blame for an odd posting purporting to come from Facebook founder Mark Zuckerberg.

Overnight, the cryptic message was posted to the Facebook fan page in the name of the 26-year old billionaire founder.

It called for the site to become a "social business" with investment from its users.
The message led to speculation that the the site had been hacked or Mr Zuckerberg's account was compromised.

Initially Facebook would not comment but it has since issued a statement: "A bug enabled status postings by unauthorised people on a handful of pages, The bug has been fixed," the statement read.

"It was a handful of public Facebook pages and no personal user accounts were affected," it added.
Take down The message, left in the name of Mr Zuckerberg, read: "Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way?
"Why not transform Facebook into a 'social business' the way Nobel Prize winner Muhammad Yunus described it?"

Muhammad Yunus is a Nobel Peace Prize winner and the founder of the Grameen Bank, which offers small
loans to people who have no collateral to get started in business.
The message also linked to a recently edited Wikipedia article about social business and asked readers: "what do you think?"

In addition, it linked to a page for the Hacker Cup, an annual programming event organised by Facebook. Many have interpreted this as a sign that the hacker feels they should win the competition.
A detailed analysis of the message by the Guardian newspaper turned up some clues about the hacker, but has failed to identify them.


“Start Quote

The other possibility is that [Mr Zuckerberg] strode away from his desk for a while and someone grabbed it and typed the message in”
The cryptic Facebook post attracted nearly 2,000 comments before it was taken down, but not before technology blog
 
The page, which has nearly three million fans, has also been moved to a new address, according to researcher Graham Cluley of security firm Sophos.

He speculated before Facebook's clarification about what could be behind the incident.

He said that because the site was a public fan page, which are used to promote everything from businesses and products to bands and public figures, it was likely to be run by Facebook staff.

"It's quite possible that other people than Zuckerberg had access," he said.
"It could have been one of those that got hacked," he said.

The hacker may have got access to the account, he said, via a poorly chosen password or spyware installed on an employee's computer that stole the password.

Walk away He said the password could also have been stolen when an employee was accessing the unsecured version of the site over an unencrypted wi-fi network.

Last year, a tool called Firesheep was released that that made it easy for anyone sharing an unsecure connection to grab login information for many unsecure sites, including Facebook.

"I can easily imagine that something like that could have happened," said Mr Cluley.
Facebook has just released new tools aimed at shoring up user's accounts against tools like FireSheep, by allowing people to always connect via a secure connection.

However, Mr Cluley admitted that the site may not have been hacked at all and the post may have been made by a disgruntled employee.

"The other possibility is that [Mr Zuckerberg] strode away from his desk for a while and someone grabbed it and typed the message in."

"Although you wouldn't think that would do much for their job prospects".

The incident comes days after the account of French president Nicolas Sarkozy was also hacked to suggest that he was resigning.

"As a general rule this can happen to anyone," said Mr Cluley.
"Just because a person is famous or well known doesn't mean that everything that is posted from their account is legitimate."

Mr Zuckerberg's private account appears not to have been affected.