Spanish brickie finds Facebook hacking flaw

Nov 30, 2011
A Spanish builder stumbled on an online loophole that enables users to send Facebook messages in other users' names, prompting an alert by authorities, he said Wednesday.

A Spanish builder stumbled on an online loophole that enables users to send Facebook messages in other users' names, prompting an alert by authorities, he said Wednesday.

Spain's said it had alerted the US online networking site after Alfredo Arias, 37, warned them of the that allows a hacker to use e-mail addresses when sending spoof messages.

Arias found that anyone who knows how to create an online messaging form -- a simple procedure for a website designer -- can enter another person's e-mail address in the "sender" field and send a message as if it were from them.

The procedure is a common trick of online frauds, but Spain's government Internet watchdog Inteco said it was concerned to see that Facebook's e-mail service did not have safeguards to stop its addresses being misused this way.

"It is very easy. You only have to know how to create a web page to do it," Arias, from the northern Spanish city of Leon, told AFP.

He said he alerted the institute and published details of how to carry out the procedure on his blog.

Inteco issued a warning to about the risk.

"We issued this message when we heard of this concrete case," a spokeswoman for the institute told AFP, adding that it had alerted Facebook.

"While the problem is common to all e-mail services, on Facebook it takes on a bigger dimension by linking in to the online ," said a warning to web users published by Inteco's Bureau.

"This flaw could be used by ill-intentioned users for example to pass themselves off as a friend of the victim and invite them to visit malicious web pages or download untrustworthy applications."

Separately, US authorities said Tuesday that Facebook agreed to tighten its privacy policies and submit to external audits in order to settle charges that it abused users' personal data.

That deal settled two-year-old accusations that Facebook -- which has some 800 million users -- had allowed advertisers access to users' personal data when users were told it was being kept private.

Explore further: A Closer Look: Your (online) life after death

add to favorites email to friend print save as pdf

Related Stories

Privacy groups ask FTC to investigate Facebook

Sep 29, 2011

(AP) -- Nine privacy groups have sent a joint letter to the Federal Trade Commission saying it should investigate the ways Facebook collects data about users' online activity after recent changes to its site.

Facebook glitch exposes chat messages (Update 2)

May 05, 2010

Facebook on Wednesday temporarily shut down its online chat feature after a software glitch let people's friends in the online community see each others' private chat messages.

Facebook reaches German privacy deal

Jan 24, 2011

(AP) -- Facebook said Monday it has reached a deal with German data protection officials in a dispute over unsolicited invitations sent to non-members of the social networking site through its "Friend Finder" feature.

Recommended for you

A Closer Look: Your (online) life after death

1 hour ago

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

1 hour ago

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

Protecting infrastructure with smarter CPS

8 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

22 hours ago

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

Sep 15, 2014

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

Sep 15, 2014

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

User comments : 0