Wednesday, May 12, 2010

Facebook board member’s account gets hacked

It looks like the Facebook account of Jim Breyer, whose firm Accel Partners was an early investor in the social network and who sits on the company’s board, was hacked over the weekend.
Breyer’s account sent out a message to some of his Facebook friends asking them to RSVP for an event related to getting a “Facebook Phone Number.” This message was apparently the result of a phishing attack, in which a user, in this case Breyer, unwittingly gives up his password through a hacker-controlled website deceptively engineered to resemble the real thing.
Facebook says the security issue has been resolved, but the fact that this happened still seems newsworthy for a couple of reasons.
First, it shows that it’s possible for even a sophisticated Facebook user like Breyer to become the victim of an attack.
Second, PEHub’s Connie Loizos, who broke the story, argued that Breyer may have been specifically targeted in response to new Facebook features that many users see as a violation of their privacy. Such attacks against an individual are known as “spearphishing.”
In an email to VentureBeat, Loizos elaborated on her reasoning, saying that she can’t be sure, but it “strikes me as more than coincidental” that at the same time as Facebook seems to be escalating its competition with Google, Breyer’s account is hacked to send out a message on yet another service that would compete with Google (in this case with Google Voice).
Lastly, regardless of whether Breyer was intentionally targeted or not, he’s a prominent figure in the tech industry with connections to other high-profile figures. Hopefully the Silicon Valley executives and investors who are Breyer’s Facebook friends all realized that his invite seemed suspicious and didn’t fall for it.
Here is Facebook’s full statement on the news:
We take security very seriously and have devoted significant resources to helping our users protect their accounts. We’ve developed complex automated systems that detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad). Because Facebook is a closed system, we have a tremendous advantage over email. That is, once we detect a phony message, we can delete that message in all inboxes across the site. We also block malicious links from being shared and work with third parties to get phishing and malware sites added to browser blacklists or taken down completely. Users whose accounts have been compromised are put through a remediation process where they must take steps to re-secure their account and learn security best practices. This is what happened with Mr. Breyer’s account.
To combat these threats, however, we need users’ help too. People can protect themselves by never clicking on strange links, even if they’ve been sent by friends, and by being wary of sites that require them to download or upgrade software. We encourage users to become fans of the Facebook Security Page (http://www.facebook.com/security) for updates on new threats and other helpful information. Here are some additional tips from that Page:
  • Use an up-to-date browser that features an anti-phishing blacklist.
  • Choose unique logins and passwords for each of the websites you use.
  • Check to see that you’re logging in from a legitimate Facebook page with the facebook.com domain.
  • Be cautious of any message, post, or link you find on Facebook that looks suspicious or requires an additional login.
