About me


Working in new media since '98

Online marketeer working for a software house

Italian-Australian living in Melbourne, Australia

40, married, recent father

the Architxt's Journal

13 Oct '09 | New Media Thoughts

Is Facebook helping phishers hack email accounts?

Social networks contradict themselves when they state in their terms that users should not share their accounts and passwords and then ask people, during sign-up, to submit their web mail details to ‘invite’ their friends to register too.

Earlier this month thousands of email accounts from providers such as Hotmail, Google Mail and Yahoo! Mail were compromised. If you haven’t heard about that, you can read up about it on The Times Online.

Microsoft blamed phishing schemes rather than breaches in their own system — “We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website.”

Google’s statement started on a similar note — “This is not a breach of Gmail security, but rather a scam to get users to give away their personal information to hackers.”

Facebook should take some of the blame

And so should MySpace, Friendster and other social networks out there that feature email harvesting functions that require users to submit their email account’s login details, such as Facebook’s Friend Finder function (Step 2 of the sign-up process):

Facebook's first step of the sign up process

The system works like this. You enter your Yahoo! Mail login details, for example, and a Facebook script will extract email addresses from your contacts list and fire off an email inviting them to join Facebook too.

It is a useful tool, I admit, but a risky one for 2 reasons:

  • Are we 100% sure that login details are not being recorded? Perhaps some criminally minded engineer is recording all this info on a USB stick…
  • If Facebook and MySpace are doing this, people will think that it’s a standard feature for social networks and that it’s OK to share their login details. Would you do the same on some obscure site?

Ironically, Facebook prohibits this kind of thing

Point 4.6 of their terms states:

“You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.”

I posed this question to Mozelle Thompson, a former FTC Commissioner and a legal consultant at Facebook, the other day (he was in town for an IAPP conference and gave a talk where I work) and his reply was that it is a very useful tool and that, ultimately, the user has a choice to use it or not. Not much of an answer.

Less marketing, more security

I doubt that social networks will want to give up such a viral tool, so I’m wondering whether email providers can put a stop to this practice. Surely they’re unhappy about it?