Spanish brickie finds Facebook hacking flaw

November 30, 2011
A Spanish builder stumbled on an online loophole that enables users to send Facebook messages in other users' names, prompting an alert by authorities, he said Wednesday.

Spain's said it had alerted the US online networking site after Alfredo Arias, 37, warned them of the that allows a hacker to use e-mail addresses when sending spoof messages.

Arias found that anyone who knows how to create an online messaging form -- a simple procedure for a website designer -- can enter another person's e-mail address in the "sender" field and send a message as if it were from them.

The procedure is a common trick in online fraud, but Spain's government Internet watchdog Inteco said it was concerned to see that Facebook's e-mail service did not have safeguards to stop its addresses being misused this way.

"It is very easy. You only have to know how to create a web page to do it," Arias, from the northern Spanish city of Leon, told AFP.

He said he alerted the institute and published details of how to carry out the procedure on his blog.

Inteco issued a warning to about the risk.

"We issued this message when we heard of this concrete case," a spokeswoman for the institute told AFP, adding that it had alerted Facebook.

"While the problem is common to all e-mail services, on Facebook it takes on a bigger dimension by linking in to the online ," said a warning to web users published by Inteco's Bureau.

"This flaw could be used by ill-intentioned users for example to pass themselves off as a friend of the victim and invite them to visit malicious web pages or download untrustworthy applications."

Separately, US authorities said Tuesday that Facebook agreed to tighten its privacy policies and submit to external audits in order to settle charges that it abused users' personal data.

That deal settled two-year-old accusations that Facebook -- which has some 800 million users -- had allowed advertisers access to users' personal data when users were told it was being kept private.
